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(54) TiUe: INTERNET PAYMENT AND LOADING SYSTEM USING SMART CARD 



(57) Abstract 

An architecture and system 
loads and uses a smart card (5) for 
payment of goods and/or services 
purchased on-line over the Internet 
(202). A client module on a client 
temiinal (204) controls the inter- 
action wilii a consumer and inter- 
faces to a card reader (210) which 
accepts the consumer's smart card 
(5) and allows loading and debit- 
ing of the card. Debiting works in 
conjunction with a merchant server 
(208) and a payment server (206). 
Loading works in conjunction widi 
a bank server (860) and a load 
server (862). The Internet provides 
the routing functionality between 
the client terminal and the various 
servers. A payment server (206) 
on the Internet includes a computer 
and a security module (or a secu- 
rity card (218) in a terminal (214)) 




to handle the transaction, data store 
and collection. A merchant server (208) advertises the goods and/or services offered by a merchant for sale on a web site. The merchant 
contracts with an acquirer to accept smart card payments for goods and/or services purchased over the Internet. A consumer uses his smart 
card (5) at die client terminal (204) in oder to purchase goods and/or services from the remote merchant server (208). The client terminal 
sends a draw request to the payment server. The payment server processes, confirms and replies to the merchant server (optionally by way 
of the client terminal). To load value, the client terminal (204) requests a load from a user account at the bank server (860). A load request 
is sent from the card (5) to the load server (862) which processes, confirms and replies to the bank server (optionally by way of the client 
terminal). The bank transfers loaded funds to the card issuer (108) for later settlement for a merchant from whom die user purchases goods 
with value on the card. 
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Internet Payment and Loading System Using Smart Card 
field of the invention 

5 The present invention relates generally to a payment system and a value loading 

system using a computer network. More specifically, the present invention relates to a 
payment system and a value loading system for a smart card using an open network such as 
the Internet. 

BACKGROUND OF THE INVENTION 

10 With the explosive growth in open networks (such as the Internet) over the past 

several years and the rapid increase in the number of consumers with access to the World 
Wide Web, there has been a great deal of interest in the development of electronic 
commerce on the Internet. Traditional financial transactions are being transformed. 

A variety of service providers have introduced payment schemes to support the 
15 purchase of goods or services on-line in a virtual merchant environment. These approaches 
have used several models based on traditional payment methods existing in the face-to-face 
retail market, including credit/debit cards, checks and cash. However, for a variety of 
reasons, various of these numerous schemes have particular drawbacks. 

Currently, a consumer may use his or her traditional credit or debit card to make a 
20 purchase over the Internet. A consumer simply supplies his card account number which is 
then transmitted across the Internet to a merchant and the payment transaction is completed 
in the traditional manner for a credit card. Often, these account numbers are U-ansmitted 
over the Internet with extremely limited or no security. Security can be improved through 
use of the "Secure Electronic Transaction" protocol published by Visa International and 
25 Mastercard in 1996. These transactions still require some form of card validation and 
performance of a balance check. These checks are performed on-line between the 
merchant, an acquirer and an issuing bank, a process which can become time consuming 
and inefficient when the value of the transaction is low, or when a number of small value 
transactions will be taking place in a short time span. 

30 The electronic check is modeled on the paper check, but is initiated electronically 

using digital signature and public cryptography. Deposits are gathered by banks via 
electronic mail and cleared through existing channels such as the Automated Clearing 
House ( ACH). However, use of such an electronic check by a consumer has various 



wo 98/49658 PCTAJS98/08806 

drawbacks. For one, digital signatures and public encryption necessitate use of a certifying 
authority adding additional entities and "net" trips to the transaction. Also, cardholder 
registration is needed. 

Other Internet payment alternatives are modeled on cash transactions and include a 
5 variety of schemes. With CyberCash. the consumer appends his credit card number to an 
electronic invoice received from the merchant, returns the credit card number to the 
merchant which is then processed and forwarded on to CyberCash where it is then treated 
like a normal credit card transaction. However, this technique suffers from some of the 
disadvantages discussed above with respect to traditional credit card transaction on the 
10 Internet and requires additional work by the merchant in processing the credit card number. 
Debit transactions may also be completed but require a consumer to open a CybetCash 
account in advance. 

A digital, token-based system for Internet transactions has been implemented by 
DigiCash. With DigiCash, so-called "digital coins" are purchased from DigiCash from a 

15 prefunded deposit account and stored on the consumer's hard drive. These digital coins are 
then used for an Internet transaction with a merchant. This scheme has disadvantages in 
that the consumer must first set up a relationship with DigiCash and use a credit card or 
similar instrument to purchase these digital coins, which then must be downloaded to the 
consumer's computer. This transaction can be time consuming for the consumer and is 

20 subject to fraud. In addition, a merchant must be set up to not only accept these digital 
coins, but also to verify their authenticity, to confirm the transaction, and then finally to 
forward these numbers on to his bank in order to finally get paid. One drawback from the 
merchant's point of view is that much of the transaction work must be performed by the 
merchant. 

25 Another scheme for completing an Internet transaction is offered by First Virtual 

Holding, Inc. First Virtual offers a software solution based upon a unique identification 
number and electronic mail confirmation. To use this scheme, a consumer opens a special 
account with First Virtual and then receives a confidential identification number. When the 
consumer wishes to purchase a product or service over the Internet, he or she sends an 

30 electronic mail message containing the confidential identification number to the merchant. 
The merchant then sends the number to First Virtual by electronic mail for verification and 
identification of the customer. First Virtual then confirms with the consumer by electronic 
mail that the consumer did indeed initiate the transaction and wishes to make the purchase. 
There are drawbacks to this scheme in that the consumer must first open a special account 

35 with First Virtual. Also, the merchant must communicate with First Virtual to identify the 
customer and to identify the customer's credit card account number that is identified by the 
confidential identification number. 

2 
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Aside from payment schemes over the Internet, a technique in use for performing a 
financial transaction at a stand-alone terminal uses a smart card. A smart card is typically a 
credit card-sized plastic card that includes a semiconductor chip for holding the digital 
equivalent of cash direcUy, instead of pointing to an account or providing credits. When a 
5 card of this kind is used to make a purchase, the digital equivalent of cash is transferred to 
the merchant's "cash register^' and then to a financial institution. Stored- value cards are 
either replenishable (value can be reloaded onto the card using a terminal) or non- 
replenishable (the card is decremented in value for each transaction and thrown away when 
all its value is gone). 

10 Physically, a smart card often resembles a traditional "credit" card having one or 

more semiconductor devices attached to a module embedded in the card, providing contacts 
to the outside world. The card can interface with a point-of-sale terminal, an ATM, or a 
card reader integrated into a telephone, a computer, a vending machine, or any other 
appliance. A microcontroller semiconductor device embedded in "processor" smart card 

1 5 allows the card to undertake a range of computational operations, protected storage, 
encryption and decision making. Such a microcontroller typically includes a 
microprocessor, memory, and other functional hardware elements. Various types of cards 
are described in "The Advanced Card Report: Smart Card Primer", Kenneth R. Ayer and 
Joseph F. Schuler, The Schuler Consultancy, 1993, which is hereby incorporated by 

20 reference. 

One example of a smart card implemented as a processor card is illustrated in FIG. 
1 .. Of course, a smart card may be implemented in many ways, and need not necessarily 
include a microprocessor or other features. The smart card may be programmed with 
various types of functionality, such as a stored-value application; credit/debit; loyalty 
25 programs, etc. For the purpose of this disclosure, card 5 is programmed at least with a 
stored-value application, and will be referred to as "stored-value" card 5. 

Stored-value card 5 has an embedded microcontroller 10 that includes a 
microprocessor 12, random access memory (RAM) 14, read-only memory (ROM) 16, 
non-volatile memory 18, an encryption module 22, and a card reader interface 24. Other 
30 features of the microcontroller may be present but are not shown, such as a clock, a 
random number generator, interrupt control, control logic, a charge pump, power 
connections, and interface contacts that allow the card to communicate with the outside 
world. 

Microprocessor 12 is any suitable central processing unit for executing commands 
35 and controlling the device. RAM 14 serves as storage for calculated results and as stack 
memory. ROM 16 stores the operating system, fixed data, standard routines, and look up 

3 
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tables. Non- volatile memory 18 (such as EPROM orEEPROM) serves to store 
information that must not be lost when the card is disconnected from a power source but 
that must also be alterable to accommodate data specific to individual cards or any changes 
possible over the card lifetime. This information might include a card identification 

5 number, a personal identification number, authorization levels, cash balances, credit limits, 
etc. Encryption module 22 is an optional hardware module used for performing a variety 
of encryption algorithms. Card reader interface 24 includes the software and hardware 
necessary for communication with the outside world. A wide variety of interfaces are 
possible. By way of example, interface 24 may provide a contact interface, a close-coupled 

10 interface, a remote-coupled interface, or a variety of other interfaces. With a contact 

interface, signals from the microcontroller are routed to a number of metal contacts on the 
outside of the card which come in physical contact with similar contacts of a card reader 
device. 

One possible use of a stored-value card by a consumer is illustrated in FIG. 2. FIG. 

15 2 illustrates a block diagram of a customer operated service payment terminal 50. A 

customer typically uses such a service payment terminal in a face-to-face environment in 
order to purchase goods in a store or directly from the terminal itself. Service payment 
terminal 50 can be an attended device or it can be integrated into a self-service device such 
as a vending machine or public telephone. For example, the service payment terminal may 

20 be incorporated into a soda machine in order to dispense sodas to a customer in which the 
customer pays by inserting the stored-value card. Or, the service payment terminal may be 
a point-of-sale terminal such as is found at a check-out counter where a customer inserts his 
stored-value card in order to purchase goods. 

Service payment terminal 50 includes a router 51, a user interface 52, a card 
25 handler/reader 54, a security card handler 56, a security card 58, a terminal application 60, 
a data store 64 and a concentration point handler 66. Router 5 1 is hardware and software 
for routing information between functional blocks. User interface 52 controls the status of 
displays on the terminal and supplies instructions to the user. For example, the user 
interface provides instructions relating to insertion of stored-value card 5 or security card 
30 58. Also, the user interface provides instructions and/or buttons for the customer to 
interact with terminal application 60 in order to purchase goods and/or services. Card 
handler 54 provides a physical card reader and associated software for accepting and 
communicating with stored-value card 5. Similarly, security card handler 56 provides a 
card reader and associated software for communicating with security card 58. In 
35 conjunction with security card handler 56, security card 58 controls the command sequence 
of the terminal and provides transaction and a batch security. 



4 
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Terminal application 60 receives commands and information about the transaction 
and initiates the actual purchase. In addition, terminal application 60 is responsible for all 
application specific functionality such as guiding the customer through the use of the 
terminal via a display, and for providing all hardware and software needed to provide the 
5 user with a good and/or service once it has been informed by the security card that an 
appropriate value has been deducted from the stored-value card. 

Data store 64 controls the storage of purchase transactions and totals. 
Concentration point handler 66 controls the sending and receiving of information to and 
from a concentration point. Concentration point 68 is a staging computer that 

10 communicates with any number of service payment terminals to collect batches of 

transactions. The concentration point then sends these transaction batches to a clearing and 
administration system for processing (such as in FIG. 3). Once processed, batch 
acknowledgments, along with other system updates are sent to the terminals via the 
concentration point. The concentration point ensures a successful transfer of data between 

1 5 service payment terminals and the clearing and administration system, and prevents 

overloading of the clearing and administration system. The service provider contracts with 
a concentration point for collection of the service payments. The concentration point may 
also be an existing central facility such as a telephone company that collects its own 
payments from card telephones. 

20 Such a service payment terminal 50 allows a customer to use a stored-value card for 

the payment of goods and/or services, generates a payment result from a transaction, and 
bundles individual payment results into a collection for transfer to a clearing and 
administration system, which then transfers funds that had been debited from a customer's 
stored-value card to the merchant whose goods and/or services had been purchased from 

25 the terminal. 

FIG. 3 illustrates an environment 100 useful for issuing stored-value cards and 
reconciling transactions performed with such a card. A terminal supplier 102 builds the 
equipment used by a service provider 104 to provide goods and/or services to customers 
having a stored-value card at a service payment terminal 50. Card Supplier 106 contracts 
30 with an integrated circuit manufacturer and a card manufacturer for integrated circuits and 
plastic card bodies, then embeds the integrated circuits into the cards and initializes them 
with a serial number. It then delivers the cards to card issuer 108. In conjunction with 
clearing and administration system 1 1 0 (such as a system provided by Visa International of 
Foster City, CA), card issuer 108 personalizes new cards and then transfers these cards to 
35 individuals (cardholders 1 12). The cardholder may then charge the card with value prior to 
use. Alternatively, the card may come with value already loaded. The cardholder 1 12 may 
then use the card at a service payment terminal 50 to purchase goods and/or services from 

5 
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service provider 104. Terminal 50 then debits the value from the card, thus creating a 
service payment. 

Periodically, all transactions are sent in a data file from terminal 50 via concentration 
point 68 and an acquirer 1 14 to clearing and batch administration system 1 10 along with 

5 accumulated service payment batches from other terminals. Based upon this collection 
data, clearing and administration system 1 10 then receives money from card issuer 108 
which had originally come from cardholder 1 12. Clearing and administration system 1 10 
then transfers a lump sum to acquirer 1 14 using a suitable settlement service (such as one 
provided by Visa International) to pay the various service providers having a relationship 

10 with acquirer 1 14. Based upon the previous collection data, acquirer 1 14 then transfers an 
appropriate amount of money to each service provider 104 reflecting the value of the goods 
and/or services that that service provider had provided that day to cardholders based upon 
deductions from their stored-value cards. 

Although such a service payment terminal described above is useful for the on-site 
1 5 purchase of goods by a consumer with a smart card, it does not permit the purchase of 

goods and/or services by a customer over a network. Nor does such a terminal permit the 
immediate transfer of electronic information to a consumer's computer. Service payment 
terminals are typically specially-designed units of hardware and software located at a 
merchant site. Furthermore, the service payment terminal is designed to integrate into one 
20 hardware location the functions of the terminal application (providing goods and/or 
services), a card handler for the stored-value card, and the transaction management 
embodied in the security card. Such a design is not suitable for transactions where a 
customer may wish to perform a transaction from almost any location (including the home 
or office) quickly and easily with a minimum of prearranged set-up and expense. 
25 Furthermore, although various Internet payment schemes have been suggested, they are not 
oriented toward small value transactions, and do not allow the use of a smart card for 
transactions over the Internet. 

Thus, it would be desirable to have an architecture and system that would allow a 
consumer to quickly and easily perform transactions over an open network such as the 
30 Internet using a smart card. It is also desirable to have an architecture and system in which 
a user may use a smart card for both purchases over the Internet as well as purchases at 
existing service payment terminals. 

However, in order to purchase, the card must be loaded with value first. Value can 
be loaded onto a stored-value card in a variety of ways. Currently, it is inconvenient for a 
35 user to load value onto his or her stored-value card. A user must physically travel to a bank 
or other institution that has an automated teller machine (ATM) or other similar device in 

6 
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order to load value on to his or her stored-value card. The user can insert money into the 
machine and have a corresponding value put onto the stored-value card, the user can use a 
debit card to deduct value from the user's account at the bank for transfer to the card, or a 
credit card can be used as the source of funds to be transferred to the stored-value card. 
5 In either case, the user must travel to the bank to load value. Further creating difficulty is 
that not all banks or other financial institutions have such a machine for loading value onto 
a user's stored-value card. 

Accordingly, it would also be desirable to have a technique to allow a user to 
conveniently and easily load value onto a stored-value card. 

1 0 SUMMARY OF THE INVENTION 

To achieve the foregoing, and in accordance with the purposes of the present 
invention, an architecture and system is disclosed that enables the use of a smart card for 
payment of goods and/or services purchased on-line over an open network such as the 
Internet. Further, an architecture and system is disclosed that enables a smart card to be 
15 loaded with value on-line over an open network such as the Internet. 

In a first aspect, the present invention provides an electronic commerce payment 
solution offering consumers an on-line equivalent to purchases with cash or coins. It 
extends the notion of a smart card to the Internet marketplace, providing an alternative for 
low-value transactions. The present invention facilitates not only the purchase of physical 
20 goods, but also the purchase of digital merchandise (such as electronic information). 

In one embodiment of the present invention, a client server on a client terminal 
controls the interaction with the consumer and interfaces to a card reader which accepts the 
consumer's smart card, which, in one specific embodiment, includes a stored-value 
application. For the purposes of this description, the smart card with a stored-value 

25 application used in embodiments of the invention will be simply referred to as a "stored- 
value card." A payment server on the Internet includes a computer and terminals that 
contain security cards to handle the transaction, data store and collection. Also connected 
to the client terminal and the payment server over the Internet is a merchant server 
advertising the goods and/or services offered by a merchant for sale. In one embodiment 

30 of the invention, the merchant server includes a web site and the merchant has contracted 
with an acquirer to accept stored-value card payments for goods and/or services purchased 
over the Internet. Thus, a consumer may use his or her stored-value card at a client 
terminal location in order to purchase goods and/or services from a remote merchant server. 
The Internet provides the routing functionality among the client terminal, merchant server 

3 5 and payment server. 

7 
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From the consumer's perspective, the present invention operates in a similar 
fashion as using a stored-value card in a real merchant environment. The transaction 
process is similar to the interaction between a stored-value card and a service payment 
terminal in a face-to-face merchant environment, but with functionahty distributed across 

5 the Internet between the card reading device located where the customer is. the merchant 
server advertising the merchant's wares, and a payment server with a security card that 
manages the transaction. All of these entities may be physically remote from one another 
with router functionality being provided by the Internet. The present invention is easy to 
use. A consumer need not establish a new relationship with a bank or other Internet service 

10 company, nor create a special Internet deposit account in order to begin purchasing goods 
and/or services on the Internet. A consumer simply makes use of currently available 
stored-value cards in order to make an Internet purchase. 

When browsing merchant store fronts on the Internet and deciding to purchase goods 
and/or services, the cardholder selects the stored-value card payment option offered by the 

1 5 merchant. The cardholder then inserts his or her card into a card reader attached to a 
personal computer (for example). The cardholder's balance and purchase amount are 
displayed, the cardholder approves the purchase, and the amount is deducted from the 
value stored on the stored-value card. The transaction amount is captured by the security 
card or the merchant server for subsequent batch settlement through a clearing and 

20 administration system to the issuer and acquirer. In one embodiment, the transaction 

security and authentication for the system follows a similar methodology as that used in an 
actual service payment terminal between a stored-value card and the security card in the 
terminal. Advantageously, a customer may make use of pre-existing stored-value cards for 
purchases over the Internet without any prior arrangement of an account, purchases of 

25 credits or tokens, or establishment of a new relationship with a bank or other company. 

In addition, once a value has been deducted from the stored-value card, the 
merchant has been informed, and the security card in the payment server has recorded the 
transaction, an existing clearing and administration system may be used to reconcile the 
transaction and to pay the appropriate parties. Advantageously, a new system and 
30 methodology for reconciling transactions need not be developed or implemented. A pre- 
existing clearing and administration system may be used which greatly simplifies 
implementation of the present invention. 

Use of a stored-value card as payment for Internet transactions provides numerous 
advantages. For example, a stored-value card can be used in small transactions where 
35 credit cards or checks would be unrealistic. Other advantages to the consumer include 
enhancing the value of a stored-value card by enabling access to both real and Internet 
merchant environments with a single card. The present invention also allows an 

8 
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anonymous payment solution for transactions over open networks. Furthermore, in one 
embodiment of the invention the stored- value card is implemented on a traditional credit 
card; a single card thus provides payment solutions for both low and high value 
transactions. 

5 , In addition, use of a stored-value card is extremely advantageous for small dollar 
amount transactions. Often, consumers are reluctant to use, and merchants are reluctant to 
accept, credit card transactions for small dollar amounts. For the consumer and the 
merchant dealing with many of these small transactions can be a bookkeeping headache and 
may not be worth the expense. A merchant may also be unlikely to accept a credit card for 
10 a small dollar amount transaction because of the service fees per transaction. By permitting 
the use of a stored-value card to make purchases over the Internet for small dollar amounts, 
a merchant may very well be able to begin charging for goods and/or services that he had 
been providing for free in the past. One embodiment of the invention works well with 
purchases of under $10.00, although purchases of any amount may be made, 

1 5 The present invention also provides numerous advantages to merchants who wish 

to sell goods and/or services over the Internet. For example, the present invention provides 
a payment solution for low-value transactions, enabling merchants to offer a wider range of 
digital merchandise. A merchant is also provided a method to recover costs of services not 
previously charged for, and is provided immediate access to an existing, and rapidly 

20 growing, cardholder base. Furthermore, the present invention integrates into an existing 
clearing and administration system meaning that the merchant need not implement or 
become familiar with new procedures for reconciliation of transactions. 

Furthermore, a merchant need only make a minimal investment in time and money to 
take advantage of the present invention and to accept payments over the Internet. The 

25 merchant need not engage in the development of complex software or accounting 

procedures. Thus, smaller merchants will especially benefit from the present invention. 
By establishing a business relationship with an acquirer and incorporating standard 
merchant software, a merchant is ready to begin selling goods and/or services from his web 
site. Because a smart card with a stored-value application is used, the payment server and 

30 the client terminal perform the details of the transaction and a merchant is relieved from 
having to control and keep track of a transaction. Also, the payment server and its 
associated security cards manage and provide security for the transaction. From a 
merchant's point of view, the merchant knows that a consumer desires to purchase an item 
and that a cost has been transmitted to the consumer, thus, when the merchant receives a 

35 confirmation message, the merchant may release the item to the consumer. The merchant 
need not be concerned about security nor be responsible for authenticating a stored-value 
card nor for determining a balance on the card. Of course, a payment server could coexist 



wo 98/49658 



PCT/US98/08806 



along with the merchant server or could even be the same computer. That is, a merchant 
could implement payment server functionality at its own site if it so desired. 

In a second aspect of the present invention, a loading technique allows the consumer 
to conveniently load value on to his or her stored-value card from any suitable device via an 
5 open network such as the Internet, A consumer is allowed to use any suitable computer at 
the home, office or elsewhere in order to connect to his bank or other financial institution. 
Using appropriate message integrity, value is transferred from the bank to the consumer's 
stored-value card At the same time, the corresponding value is transferred from the bank 
to the stored-value card issuer through existing networks for later settlement with a 

10 merchant from whom the consumer purchases goods or services. Advantageously, this 
embodiment makes use of an existing clearing and administration system for eventual 
settlement of the transaction between the merchant and the card issuer. Also, the 
transaction is fully auditable and a log of previous transactions is stored on the card for later 
display. Thus, a consumer may conveniently load value on to his or her card while a high 

1 5 level of security is maintained and the card issuer can take advantage of unspent funds on 
the card. 

From the consumer's perspective, the present invention operates in a fashion 
similar to loading a stored-value card at an ATM machine, except that the consumer need 
not insert cash or an additional debit or credit card, nor need travel to a bank. The loading 
20 functionality is distributed across the Internet between the card reading device located 
where the customer is, a bank server holding the consumer's account, and a load server 
with a host security module that provides security. All of these entities may be physically 
remote from one another with router functionality being provided by the Internet. 

Furthermore, a bank need only make a minimal investment in time and money to take 
25 advantage of the present invention in order to allow its customers to load value from their 
existing accounts over the Internet. The bank need not engage in the development of 
complex custom software or accounting procedures. By incorporating software libraries, a 
bank is ready to begin loading value onto its customer's cards from its web site. 
Preferably, libraries are provided that interface with an existing server at a bank to facilitate 
30 the building of an HTML page. Because a smart card with a stored-value application is 
used, the bank server, load server and client terminal perform the details of the transaction 
and the bank itself is relieved from having to control and keep track of a transaction. Also, 
the load server and stored-value card manage and provide security for the transaction. I.e., 
the bank need not be concerned about security nor be responsible for authenticating a 
35 stored-value card nor for determining a balance on the card. Of course, a load server could 
coexist alongside the bank server or could even be the same computer. That is, a bank 
could implement load server functionality at its own site if it so desired. In a preferred 

10 
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embodiment, the load server and its security module is provided by a separate financial 
institution or by a third-party processor. 

Both of the payment and loading aspects of the present invention provide benefits to 
issuers and acquirers. Expansion of the functionality for a stored-value card increases 

5 revenue opportunities from cardholders and merchants. Also, there may be new merchant 
marketing opportunities for acquirers. The present invention also offers a micro-payment 
solution for electronic commerce without the need to introduce a separate product or brand 
or to establish new service provider relationships. In addition, in one specific embodiment 
of the invention, funds that are loaded onto a card are transferred from the loading bank to 

10 the card issuer so that the issuer may take advantage of the funds on the card until they are 
spent. 

A further advantage of both aspects of the present invention is its ability to minimize 
transaction traffic on the Internet and to minimize the amount of time that a security card (or 
a security module) is tied up with one transaction. In the payment aspect, by emulating 
15 security card commands issued to a stored-value card, a client terminal is able to receive 
and group responses for transmission to a payment server all at once, rather than one-by- 
one over the Intemet. The payment server is then able to emulate a stored-value card as it 
interacts with the security card in delivering the responses to the security card. The result is 
less message traffic over the Intemet, saving time and interrupts. 

20 Also, by delivering an expected stored-value card signature to the payment server, the 

security card is relieved from having to compare the signatures itself, and may release 
sooner and move on to a new transaction. The payment server may also deliver the 
expected stored-value card signature to the client terminal or merchant server for 
comparison, thus reducing to one round trip the message traffic between the payment 

25 server and the client terminal. 

The present invention is suitable for use with any type of stored-value card that is 
able to store an amount and to decrement a value upon a command. In one embodiment of 
the invention, a stored-value card implemented as a processor card works well. Use of a 
processor card has advantages where information processing is done on the card rather than 

30 in the terminal or host computer. Processor cards allow encryption to be done by the card, 
allow generation of signatures, and can accommodate multiple passwords or personal 
identification (such as biometrics that uniquely identify the holder of the card). Processor 
cards also provide increased data security, an anti-fraud capability, flexibility in 
applications, a multi-purpose capability, and off-line validation. Because high 

35 telecommunication costs and/or low reliability of a network may make on-line authorization 
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impractical^ a stored-value card with the capability for performing off-line processing and 
authentication by itself is extremely valuable. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention, together with further advantages thereof, may best be understood by 
5 reference to the following description taken in conjunction with the accompanying 
drawings in which: 

FIG. 1 is a block diagram of an example of a stored-value card useful in 
embodiments of the present invention. 

FIG. 2 is a block diagram of a service payment terminal in which a stored-value card 
10 may be inserted to purchase merchandise. 

FIG. 3 is a block diagram of an example of a clearing and administration system 
useful for reconciling financial transactions received from a service payment terminal. 

FIG. 4 illustrates an architecture and system for payment over the Internet using a 
stored-value card. 

1 5 FIG. 5 illustrates a payment embodiment of the present invention. 

FIG. 6 illustrates another payment embodiment of the present invention in which the 
security card releases earlier. 

FIG. 7 illustrates yet another payment embodiment of the present invention having 
fewer round trip messages between the client terminal and payment server. 

20 FIG. 8 illustrates still another payment embodiment of the present invention in which 

the merchant server compares stored-value card signatures. 

FIG. 9 illustrates an added encryption layer useful for embodiments of the present 
invention. 

FIG. 10 is a flowchart describing a user's perspective of a stored-value card purchase 
25 transaction using the present invention. 

FIGS. 11 A- 1 ID are a flowchart describing the processing of a user purchase using 
an embodiment of the present invention. 

FIG. 12 is a flowchart describing the alternative embodiment of FIG. 6. 
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FIG. 13 is a flowchart describing the alternative embodiment of FIG. 7. 

FIG. 14 is a flowchart describing the alternative embodiment of FIG. 8. 

FIGS. 15A and 15B are a flowchart describing the added security layer of FIG. 9. 

FIG. 16 illustrates an architecture and system for authentication over an internet using 
5 a stored- value card. 

FIG. 17 illustrates a system for loading value onto a stored- value card according to 
one embodiment of the present invention. 

FIGS. 18A-18D are a flowchart describing the loading of a consumer* s stored- value 
card using an embodiment of the present invention. 

10 FIG. 19 is a block diagram of a typical computer system suitable for use in 

embodiments of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 
GENERAL ARCHITECTURE 

The present invention separates the functionahty involved in a transaction using a 
1 5 stored-value card in order to take advantage of the routing capabilities of the Internet. FIG. 
4 illustrates symbolically an architecture 200 for an internet payment system involving a 
smart card, such as a smart card having a stored-value capability. An internet loading 
system is shown in FIG. 17 and may have similar functionality as described below. 
Shown is an internet 202, a client terminal 204, a payment server 206 and a merchant 
20 server 208. Local cardholder functions including a consumer card interface, display and 
accept/cancel options are performed at client terminal 204. Payment functions including 
security card control, data store and use of a concentration point are performed by payment 
server 206. The presentation and eventual delivery of goods and/or services by a merchant 
are performed under control of merchant server 208. The internet 202 performs routing 
25 functions between each entity. It should be appreciated that internet 202 may take the form 
of the Internet currently in use, or may also be any other open network implemented using 
any combination of computer, telephone, microwave, satellite, and/or cable networks. 

Basically, client terminal 204 controls the interaction with a user and interfaces to 
card reader 210 which accepts a smart card having a stored-value application. For 
30 simplicity, throughout the remainder of this specification, card 5 will be referred to as a 
stored-value card (SVC) 5. Payment server 206 communicates directly with a terminal or 
through a concentrator 212 that handles any number of terminals 214-216 each having a 

13 
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security card 218 and 220 respectively. Payment server 206 also communicates with 
concentration point 68 for transmission of transaction data to a clearing and administration 
system. Database 223 stores all suitable information passing through payment server 206 
for each transacdon. Use of such a database allows any number of merchants (or merchant 
5 servers) to use payment server 206 for transactions. Payment server 206 controls payment 
functions such as handling the attached terminals, managing data base 223 and collection 
functions. Merchant server 208 is a site that has contracted with an acquirer to accept 
stored- value card transactions as payments for goods and/or services purchased over the 
Internet. 

10 Stored- value card 5 may take a variety of forms and is useful in many situations 

where it is desirable to store monetary value on a card that a consumer may use. In 
general, a stored-value card is any card or similar device that is able to store a value that is 
decremented when the card is used. The card may be purchased complete with a stored- 
value or value may be later added to the card by a user. Such cards may also have their 

15 value replenished. Of course, a stored-value card need not be in the form of the traditional 
credit card, but could appear in any form and of any material that is able to store value and 
be manipulated by a user for a payment transaction. By way of example, other forms that a 
stored-value card may take are any electronic representations. Further, the functionality of 
stored-value card 5 may be implemented in software on client terminal 204, that is, card 5 

20 may be a "virtual" card. 

A stored-value card may also perform a variety of functions in addition to simply 
storing value. A card may be dedicated to the storing value or may contain memory and 
programs for other applications as well. By way of example, an "electronic wallet" refers 
to a processor card that can execute a variety of financial transactions and identification 
25 functions. Such a card may serve debit, credit, prepayment, and other functions. A stored- 
value card typically includes information such as a bank identifier number, a sequence 
number, a purchase key, a load key, an update key, an expiration date, a transaction 
counter, a session key, etc., in addition to a running balance. 

A stored-value card may also be termed a prepayment card, a cash card, or a 
30 decrement-in-value card. A stored-value card may also be implemented by using a variety 
of card technologies. By way of example, a stored-value card is typically implemented as a 
card containing one or more integrated circuits. One example of an integrated circuit card is 
a memory card that has a semiconductor device for storing information but lacks calculating 
capability. Another example of an integrated circuit card is a processor card that has not 
35 only memory but also a microcontroller to enable the card to make decision. A processor 
card may also be termed a microprocessor card or a "smart card". 
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A processor card may include an encryption module in order to provide a variety of 
security precautions. By way of example, security precautions may include simple PIN 
numbers, biometrics, simple algorithms, or sophisticated algorithms such as the Data 
Encryption Standard (DES) or Rivest, Shamir, Adelman (RSA) encryption. The card is 
5 thus able to use these precautions to verify users, card readers, etc., to validate security 
cards and/or to provide a unique signature. Preferably card 5 includes any number of keys 
known to the card issuer that are used during the course of a payment or load transaction to 
generate signatures for validation of the stored-value card, validation of the security card or 
module, and validation of the system itself. 

10 Client terminal 204 is any suitable device for interacting with a stored- valued card 5 

and for communicating over a network to a payment server or a merchant server. By way 
of example, client terminal 204 may be a mainframe computer, a work station, a personal 
computer, a kiosk, or any type of service payment terminal that a consumer might use to 
purchase goods and/or services. Furthermore, client terminal 204 may also be embodied in 

15 any portable device such as a laptop computer, a cellular telephone, or any variety of a 
personal digital assistant (PDA) such as those made by Apple Computer, Inc. or by U.S. 
Robotics. Card reader 210 is any suitable interface device that functions to transfer 
information and commands between client terminal 204 and stored-value card 5. By way 
of example, card reader 210 may be a card reader manufactured by Fischer-Farr 

20 International of Naples, Florida, by Hewlett-Packard of Palo Alto, California, by 

Schlumberger, by Gem Plus, etc. Card reader 210 may take any variety of forms such as a 
stand alone unit, integrated with the client terminal, attached to the keyboard of the client 
terminal, or even built in to a floppy disk-sized unit capable of being read from a disk drive 
of the client terminal, etc. 

25 Client terminal 204 includes client code module 224 and card reader module 226. 

Reader module 226 may be implemented using any suitable software and libraries for 
communicating with card reader 210 and its actual implementation will depend upon the 
type of card reader used. Client module 224 controls communication between the client 
terminal, the card reader, the payment server and the merchant server. Client module 224 

30 may be implemented using any suitable code. In one embodiment of the invention, client 
module 224 is implemented using a combination of "C" code and a Java applet. The applet 
is also supplemented with parameters from an HTML page sent from the merchant server. 
It is contemplated that Java code works well for implementing the modules on the client, 
payment and merchant servers because it is platform independent, and could even replace 

35 the "C" and "C-H-" code used. 

Client module 224 is also responsible for controlling displays to the user and for the 
interaction between the card and the card reader. The module also builds the draw request 
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message after receiving all of the start-up information from tiie card and the amount of the 
purchase from the merchant server. The client module is able to communicate with all 
components on the Internet, either directly or indirectly. 

Payment server 206 includes payment code module 228 and terminal interface 230. 
5 As with client terminal 204, payment server 206 may be implemented using any suitable 
computer. By way of example, a personal computer works well. There may be one 
payment server for each merchant server or a single payment server may service any 
number of merchant servers. Alternatively, there may be multiple payment servers for a 
single merchant. In addition, payment server 206 need not be remote from merchant server 
10 208 but may be located at the same site and have a different Internet address, or the 

payment server and the merchant server may even be implemented on the same computer. 
Payment server 206 is designed to facilitate the communication between the user's stored- 
value card and a terminal's security card. If a part of a transaction fails to complete, the 
payment server may notify the participating system components. 

15 Payment module 228 may be implemented using any suitable code. By way of 

example, payment module 228 is implemented using a combination of "C" code, "C++" 
code and Java code. Payment module 228 is, in one specific embodiment, a multi-threaded 
process that can service multiple concurrent client applet transactions on demand. The 
module is responsible for controlling all interactions with the terminals and their 

20 concentrator including the transaction collection function. For individual transactions, the 
payment module controls the message flows and logs interim results. When an applet 
connects with the payment server, it creates a transaction thread to support the transaction 
through its life cycle. Each thread, in turn, assigns a terminal for communication. Having 
a one-to-one correspondence between transaction threads and terminals has been found to 

25 provide desirable results. 

Terminal interface 230 is any suitable set of software and libraries for communicating 
with a terminal 214 either directly or, as shown, through terminal concentrator 212. The 
actual implementation of terminal interface 230 will depend upon the type of terminal used. 
A terminal such as 214 may be any suitable terminal such as are known in the art. By way 

30 of example, an iq Delta 2010 terminal made by Schlumberger has been found to provide 
desirable results. Such a terminal may support a variety of commands originating from the 
terminal interface. These commands emulate the normal responses that an attached terminal 
would pass from the stored- value card to the security card. The actual security card 
commands are held in the terminal while the terminal performs the tasks necessary to 

35 simulate the presence of a stored-value card. 
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Security card 218 may be any suitable security card such as are known in the art 
(often referred to as a Purchase Secure Application ModuIe--PSAM). In other 
embodiments, the functionality of security card 218 can be replaced by a hardware security 
module, could be implemented in hardware within the payment server, or could even be 
5 implemented in software. 

By way of example, security card 218 is a removable credit card-sized processor card 
that is programmed to process and store data relating to financial transactions. Security 
card 218 contains a microchip embedded in the card that enables the security card to 
authenticate and to validate the user's stored-value card. If a user stored-value card is 

10 accepted by the security card, and the stored-value card contains sufficient value, the 
security card guarantees that the merchant providing the goods and/or services receives 
payment according to the amount deducted from the stored-value card for the goods and/or 
services rendered. In a preferred embodiment, the security card also contains DES 
purchase security keys and authenticates the stored-value card during a purchase transaction 

15 and secures the payment and collection totals. A security card also stores signature 

algorithms for stored-value cards in use. A security card may also contain a transaction 
identifier for the current transaction, a financial sum of all transactions remaining to be 
settled, a session key, and master keys for all stored-value cards in use. Further, the 
security card may contain generations of keys, blocked card indicators, date of last update, 

20 multiple card programs, different currency rates and additional security. 

Concentration point 68 is a staging computer that communicates with terminals to 
collect batches of purchase transactions. The concentration point then sends these 
transaction batches to a clearing and administration system for processing. Once 
processed, batch acknowledgments, along with other system updates, are sent back to the 
25 terminals via the concentration point. 

Merchant server 208 includes a merchant code module 232. Merchant server 208 
may be implemented upon any suitable computer capable of communicating with and 
presenting information to users over an internet. Merchant code module 232 may be 
implemented using any suitable code. By way of example, merchant module 232 may be 
30 implemented using a combination of Perl, HTML, and Java code. Merchant server 208 is 
typically a generic web server customized for the merchant's business. Merchant server 
208 may include databases, CGI scripts and back-office programs that produce HTML 
pages for an Internet user. 

A brief discussion of the flow of a transaction now follows. During a financial 
35 transaction, the client terminal and merchant server exchange information 234 via internet 
202. Each transaction initiated by a user has a transaction identifier created at the merchant 
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server, and a merchant identifier unique to the payment server is also available from the 
merchant server. Client module 224 and the payment server also use this unique 
transaction identifier for tracking and logging information about the transaction. Merchant 
server 208 generates a unique identification of the transaction, completes other required 
5 parameters, encrypts as appropriate, and builds an HTML page and sends it to the client 
terminal. The client module interacts 235 with the stored-value card and builds a draw 
request message containing related card information, the purchase amount, and other 
information supplied by the merchant server. 

The client terminal then communicates 236 with payment server 206, first by 
10 forwarding the draw request to the payment server. Payment server 206 verifies the 

transaction to determine if it is a valid transaction from a known merchant. The transaction 
is logged into the payment server's transaction database 223. Upon completion of a 
transaction, payment server 206 builds a result message containing the identification of the 
transaction and signs it. The message is then routed to merchant server 208 via client 
1 5 temninal 204. Merchant server 208 then validates the result message. After determining that 
the transaction was successful, merchant server 208 creates an HTML page for the 
purchased information and sends it to client terminal 204. Alternatively, the merchant may 
also deliver purchased goods to the user at this point. It is also possible for the payment 
server and the merchant server to communicate information 238 directly between 
20 themselves. Preferably, as client terminal 204 has already established communication with 
the merchant server and the payment server, links 234 and 236 are used to exchange 
information between the payment server and the merchant server, rather than establishing a 
new link 238. 

USER PERSPECTIVE OF A PAYMENT TRANSACTION 

25 FIG. 10 is a flowchart describing an embodiment of the present invention from a 

user's perspective such as may occur with the embodiment of the invention shown in FIG. 
4. In step 502, a user acquires and adds value to a stored-value card. Alternatively, a user 
may acquire a stored-value card that already contains value. This stored-value card may 
take the form of any of the above-described stored-value cards that are able to store value 

30 and to debit value from the card. In step 504 the user accesses the merchant server web site 
via communication link 234 over the Intemet. This access of a web site may be performed 
in any suitable fashion such as by using any commercially available web browser. In step 
506 the user inserts a stored-value card in card reader 210 at the user's terminal. 
Alternatively, the user may insert the card before accessing the web site, or even after the 

35 selection of goods and/or services from the merchant web site. In step 508 the user 
browses the merchant web site and selects goods and/or services for purchase from the 
merchant using the web site interface that the merchant has provided. The user then selects 
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an appropriate button on the merchant web site to indicate what the user wishes to 
purchase. Next, in step 5 10 the user receives a total sale amount from the merchant server 
and is directed to actuate a button on the web site indicating that the user wishes to proceed 
with the purchase using the stored- value card. 

5 In step 5 1 2 the architecture and system of the present invention (such as is shown 

in FIG, 4, for example) processes the user order by way of the payment server, terminal 
and security card. In step 514, the user's stored- value card is debited by the total sale 
amount and the user receives a "debited" message at the user's terminal. This message is 
optional if the system is designed so as to not inform the user of this debit. In step 516 the 

10 user receives a confirmation message from the merchant server indicating that the 

transaction has been completed. The user may now download the purchased information 
and/or receive a receipt for goods and/or services to be rendered or delivered from the 
merchant at a later date. In step 518 the merchant, via a clearing and administration 
system, receives payment to its bank account for the goods and/or services rendered by 

1 5 way of information collected from the payment server. In one embodiment of the 

invention, an existing clearing and administration system is used, as well as an existing 
methodology for transferring information from a security card for later reconciliation. This 
use of an existing "back end" allows systems of the invention to be implemented quickly 
and cheaply. This approach also ensures that cards used in the system are compatible with 

20 other stored-value terminals. 

DETAILED PAYMENT TRANSACTION FLOW 

FIG. 5 illustrates a detailed embodiment of internet payment architecture 200 having 
client terminal 204, payment server 206 and merchant server 208. A stored-value card 5 is 
in communication with client terminal 204, and a security card 218 inside a terminal 214 is 
25 in communication with payment server 206. Not shown for simplicity in this figure are 

other elements of the system shown in FIG. 4. One embodiment of a technique by which a 
financial transaction may be completed over the Internet will now be described using the 
flowchart of FIGS. 1 1 A through 1 ID with reference to FIG. 5. 

It should be appreciated that a wide variety of terminology may be used to describe 
30 message flow throughout the architecture. For example, the terminology used herein to 
describe the sequential messages draw request, debit, success, and confirmation, may also 
be referred to by the respective terminology: draw request, debit lEP, debit response, and 
debit result (or message result). 

Initially, a suitable web browser of client terminal 204 is used by the user to access a 
35 merchant server web site as indicated by 302. In step 602, the user selects goods and/or 
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services from the merchant site and indicates to the site that die user wishes to purchase 
these items using a stored-value card as indicated at 304. In step 604 the merchant server 
receives this request for a stored-value card transaction. 

In step 606 the merchant server builds an HTML page that includes the following 
5 client applet parameters: the total cost of the transaction as determined by the merchant 
server; the type of currency being used; the port and IP address of the payment server; a 
unique transaction identifier used by both the payment server and the merchant server to 
track a transaction; and a unique merchant identifier assigned to the merchant by the 
acquirer and known to the payment server. Other information may also be included such as 

1 0 the currency's exponent, a status URL address of the merchant server used for 

communication from the client terminal, and a merchant server generated key and other 
security information to ensure the identity of the merchant server and the integrity of the 
message. Other process related information such as software release level, encryption 
methodology and keys may also be conveyed. Once this page has been built, the page is 

1 5 sent 306 to the requesting client browser and triggers the loading of the client code module 
(in this example a Java applet) in the client terminal. 

Some browsers may not allow an applet to invoke a dynamic link library (DLL) due 
to security reasons. In an embodiment of the present invention, the client applet along with 
any DLLs needed are preloaded on the client terminal. Then, the merchant server is 
20 allowed to invoke the client applet and DLLs dynamically to circumvent this security 
precaution. 

In step 608 the client module of the client terminal interacts with stored-value card 5 
to obtain card information 308 in order to build a draw request message for later 
transmission 310 to payment server 206. In one embodiment of the invention, the client 

25 applet loads a local DLL, makes an API call to that library, which in turn makes a call to 
another DLL that finally makes a call to the card reader. In this fashion communication 
with the card is achieved. Once responses from the card are received, the client module 
will also combine these responses into a byte stream suitable for transmission over a 
network to a payment server. Also at this point, the currency type and expiration date on 

30 the card are checked, and the total cost of the ordered merchandise is checked against the 
card balance to ensure that the value on the card is great enough to cover the transaction. If 
the checks are not successful, a message to that effect is delivered to the user and this 
transaction terminates. 

The client module emulates a variety of security card commands to receive responses 
35 from these commands from the stored-value card. Because the stored-value card and the 
security card are now physically separated from one another, and communication takes 
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place over the Internet, it would not be advantageous to engage in numerous commands 
and responses over such an open network. In the interest of speed and reliability, it is 
advantageous to have fewer messages exchanged. 

To operate securely and reliably in this environment, in one embodiment of the 
5 present invention, client module 224 emulates a security card and gathers all the responses 
for transmission in one draw request message. The draw request message may include a 
variety of information including a draw request token, state information, the merchant 
identifier, the transaction identifier, security information, a purse provider identifier, an 
intersector electronic purse (lEP) identifier, an algorithm used by the card, an expiry date, 
10 the balance of the card, a currency code, a currency exponent, the authentication mode of 
the lEP, the transaction number of the lEP, a key version and the purchase amount. As all 
of this information is prepackaged into a single draw request message, the number of 
messages between the stored- value card and the security card over the Internet is greatly 
reduced. 

1 5 In this embodiment, the draw request message is built by packaging the stored-value 

card's response to the "reset" and "initialize" commands and any public key certificates 
along with the total cost and the currency of the transaction received from the HTML page. 
For public key cards, the card and issuer certificates are obtained from read commands and 
may also be included in the draw request. By packaging all of this information together 

20 into one draw request message, it is possible to cut down on the number of messages 
exchanged between the client server and the payment server, and reliability and speed is 
improved. In one embodiment of the invention, an intersector electronic purse (lEP) 
protocol is used to reset and initialize the card and to receive a response. 

Next, in step 610 the client terminal accesses the payment server using the IP address 
25 received from the merchant server. In step 6 1 2 the client terminal sends the draw request 
message to the payment server as indicated at 310. The client terminal also creates a log of 
this message being sent. 

In step 614 the payment server processes the draw request in conjunction with an 
associated security card as will be explained in greater detail below with reference to FIG. 

30 1 ID. Draw request 312 is shown being sent to terminal 214. In one embodiment of the 
invention, the payment server creates a transaction thread for each connected client module 
to service it through the life cycle of the transaction. After step 614, the payment server has 
received a debit command and a security card signature 314 from the security card in the 
terminal. This debit command may also be termed a "debit lEP" command. The security 

35 card signature is a value that uniquely identifies and validates security card 21 8 to prove to 
stored-value card 5 that the incoming debit command is a valid command from a real 
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security card. This validation ensures that when the stored-value card is debited, that the 
financial totals in the security card are updated. Thus, the user of the stored-value card is 
guaranteed that a valid debit of the card has occurred. In a preferred embodiment of the 
invention, the security card signature is an encrypted value ensuring that no other entity can 
5 forge an identity of a security card. 

In step 616 the payment server sends the debit command along with the security 
card signature to the client terminal as indicated at 316 for the stored-value card to debit 
itself. At diis time, the payment server also logs this debit command into its database. 

In step 618, upon receiving the debit command from the payment server, the client 
10 module replaces the amount in the debit command with the original amount (from the 

merchant server) to ensure that the amount has not been tampered with while traveling over 
the network. At this time, the client module also creates a log of the debit command. 
Client module 224 then passes 318 the debit command and security card signature to 
stored-value card 5 which verifies the signature, debits itself by the purchase amount, and 
15 also generates a success message (also termed a "debit response" message) and a stored- 
value card signature. The stored-value card signature is a unique value identifying a valid 
stored-value card. In a preferred embodiment of the invention, this signature is in 
encrypted form to prevent tampering. If card 5 does not have enough value to satisfy the 
purchase amount, then the "debit response" message indicates as such. 

20 In step 620, card 5 sends a success message 320 along with the card signature back 

to client module 224 in client terminal 204. This success message may also be termed a 
"debit response" message. At this point, the purchase amount has been deducted from the 
balance on stored-value card 5. Next, in step 622, client module 224 packages the success 
message along with the card signature and sends them back to payment server 206 as 

25 indicated at 322. Client module 224 also logs the result of this stored-value card debit. 

In step 624 the payment server receives incoming message 322 and creates a log 
and updates the transaction status in its database for future error recovery. The payment 
server then directs this received message to the security card in the terminal as indicated at 
324. Next, in step 626 the security card processes this response from the client's terminal 
30 and verifies the received stored-value card signature. 

As the security card contains the keys and algorithms necessary to compute stored- 
value cai*d signatures, the security card is able to validate that a received stored-value card 
signature is in fact a valid one by comparing this stored-value card signature with a 
generated expected value, A successful comparison indicates that a success message 324 
35 received from the stored-value card is in fact a valid success message and that the stored- 
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value card has been debited. An error result code or a comparison that is not successful 
potentially indicates that the stored-value card has not been debited by the proper amount. 
This comparison of stored-value card signatures by the security card ensures that a stored- 
value card is in fact debited before the merchant server is directed to release the purchased 
5 merchandise. This comparison of the stored-value card signature to an expected value is 
performed by the security card for the highest level of security. As will be described in the 
embodiments of FIG. 6, 7, and 8, this comparison of stored-value card signatures may 
also take place in the payment server, in the client terminal or in the merchant server with a 
variety of other advantages. Assuming that the transaction is so far valid, in step 628 the 
10 security card sends a "confirmation" message back to the payment server as indicated at 
326. This confirmation message may also be termed a "message result." 

In step 630 the terminal updates its data store with the stored-value card number, a 
transaction count, the total sale amount, the response from the security card, and 
transaction numbers from the stored-value card and from the security card. The payment 
1 5 server also logs the response received from the terminal including the merchant identifier, 
etc., as indicated in step 632. Next, in step 634, the payment server creates a confirmation 
message including the transaction identifiers and sends this message to the client terminal in 
encrypted form as indicated at 328. This message 328 may also be termed a "message 
result." 

20 By sending this confirmation message in encrypted form, the confirmation message 

may be passed to the merchant server by way of the client terminal without fear of 
tampering. As the confirmation message is encrypted, it would be extremely difficult for 
the client terminal or another entity to forge a confirmation message and trick the merchant 
server into thinking that a transaction had taken place. In another embodiment of the 

25 invention, if the client terminal is a trusted agent, then the confirmation message need not 
be encrypted. In yet another embodiment, the payment server may sent two confirmation 
messages, one not encrypted for the client to process, and one encrypted for the merchant 
server. FIGS. 15A and 15B present an embodiment in which the payment server sends 
two messages to the client terminal. 

30 At this point, the transaction thread of the payment server that was used for the 

current transaction may release the terminal, thus allowing the terminal to be used by other 
transactions. This transaction thread then exits at this time. 

In step 636 the client terminal then passes this confirmation message 330 on to the 
merchant server at the URL address previously received from the merchant server. 
35 Message 330 may also be termed a "message result." The client may also post a message 
to the user informing that the debit has been completed. The client also logs confirmation 
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of the payment. In step 638 the merchant server registers this confirmation message and 
checks for success. The merchant server calls a validate routine within the merchant code 
module with the confirmation message in order to validate the response from the client. 
The validate routine is able to take the transaction identifier along with the encrypted 
5 confirmation message to decrypt the confirmation message. If the decrypted confirmation 
message is acceptable, the merchant server then determines a successful transaction has 
occurred. Next, in step 640 the merchant server generates an HTML page with the 
purchased information and delivers this information to the client terminal. Alternatively, 
the merchant server may generate a purchase receipt to deliver to the client terminal 
10 indicating goods and/or services to be rendered. At this point, the client terminal may also 
log the merchant server's response. Completion of these steps indicates a successful 
financial transaction over the Internet using a stored-value card. 

Returning now to a more detailed discussion of step 614, FIG. 1 ID describes one 
technique for processing a draw request message in conjunction with a security card. Once 

1 5 this draw request message has been received by the payment server and passed along to the 
terminal, the terminal parses the message back into individual responses and passes these 
responses sequentially to the security card as will be explained below. In an altemative 
embodiment, a dumb terminal is used and the draw request is parsed into its components 
and otherwise processed by the payment server, which then sends the responses to the 

20 security card itself 

In step 680 the payment code module of the payment server edits the draw request for 
syntactic correctness and logs the draw request message as being received. In step 682 the 
draw request is passed to the terminal interface module of the payment server. In one 
specific embodiment, the terminal interface then requests a terminal from the payment 

25 server's terminal pool. The payment server has a pool of terminals connected to the 

terminal concentrator that is established at start-up. At start-up, the payment server receives 
a list of all valid terminal identifiers. The payment server uses these identifiers, and its 
knowledge of transactions in progress to determine an appropriate terminal to process the 
transaction. Once a terminal is determined, the terminal interface builds a terminal specific 

30 message based upon the draw request and the type of terminal. 

In step 686 the terminal specific draw request 312 is sent to the chosen terminal via 
the concentrator over a local area network. The concentrator acts as a router between a 
transaction thread in the payment server and its corresponding terminal. The concentrator 
looks at a header on the draw request to determine to which terminal the transaction should 
35 be routed. In one embodiment of the invention, concentrator 212 is removed and payment 
server 206 communicates directly with terminal 214 (for example). 
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In step 688 the terminal parses the draw request message into its various 
components and processes each component in turn to emulate a stored-value card 
interacting with the security card in a physical terminal. Prepackaging of a variety of 
information into the draw request message results in fewer exchanges over the Internet 
5 between the client terminal and the payment server. By now simulating an interaction, the 
security card behaves as if it were in a physical terminal along with the stored-value card. 
A variety of responses from a stored-value card may be emulated. In this embodiment, the 
terminal sends each of the three packages "answer to reset", "initialize lEP", and "debit" 
down to the security card individually and waits for a return message before sending the 

1 0 next response. For a public key transaction, the certificates read by the client are also 

included as individual responses. In this fashion, even though all of the stored-value card 
information (the draw request) originating from the client terminal has been sent at once in 
prepackaged form over the Internet, the traditional interaction between the stored-value card 
and the security card in a physical terminal may be simulated at the terminal in a remote 

15 location. 

In step 690 the terminal reaches a "draw amount" state, indicating that the security 
card is able to generate a debit command. In step 692, the security card generates its 
security card signature and the debit command. The debit command may also be termed a 
"debit IE?" command. This signature and debit command 3 14 are sent to the terminal. 

20 The debit command issued by the security card may contain a wide variety of information 
including the security card identifier, the transaction identifier, the amount to be debited, the 
currency and currency exponent for the amount, the security card signature, the date, time, 
and location. The terminal in turn, sends the signature, command, and the terminal 
identifier to the payment server as indicated in step 694. The information may be sent to 

25 the payment server as indicated at 314 via a concentrator. At this point, step 614 ends and 
control returns to step 616. 

FIRST ALTERNATIVE PAYMENT EMBODIMENT 

FIG. 6 illustrates an alternative embodiment 200a in which the security card is able to 
be released sooner than the security card of FIG. 5; this embodiment also requires fewer 

30 exchanges between the terminal and the payment server. A security card in a terminal is 
dedicated to a particular transaction from the moment when the terminal interface selects 
that terminal until the security card finally issues a "confirmation" message and is released 
by a terminal interface. Thus, in some circumstances it is desirable to release the security 
card earlier. By releasing a security card earlier, the card is tied up for a shorter time per 

35 transaction and may move on to the next transaction sooner. Also, the less time that a 

terminal is dedicated to a particular transaction, and the fewer messages exchanged between 
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the two, the less likely chance there is of a communication error that might interrupt and 
halt the transaction. 

Embodiment 200a includes a client terminal 204. a payment server 206, a merchant 
server 208, a stored-value card 5, and a terminal 214 having a security card 218. 
5 Communication between the various entities may take place in a similar fashion as in FIG. 
5 as indicated by communication links 234, 235, and 236. However, instead of two round 
trips of information between the terminal and payment server, there is only one round trip 
in this embodiment. 

FIG. 12 is a flowchart that describes a technique for implementing this embodiment 
10 with reference to FIG. 6. Step 702 indicates that communication between the various 

entities takes place in a similar fashion as in FIG. 5 up until the terminal reaches the "draw 
amount" state. At this point, draw request 3 1 2 has been received and processed by the 
security card. Next, in step 704 the security card generates not only the security card 
signature and the debit command, but also an expected stored-value card signature. This 
15 expected stored-value card signature is a value expected by the security card from the 

stored-value card to validate the stored-value card's success message. This validation will 
ensure that the stored-valued card has in fact debited itself. 

In step 706 the security card signature, the debit command and the expected stored- 
value card signature are sent to the payment code module in the payment server as indicated 
20 at 314a. Also, the terminal updates its data store in a similar fashion as in step 630. Next, 
step 708 indicates that the transaction occurs as before with reference to step 616-622, The 
steps indicate that the stored-value card receives the debit command, debits itself, and 
returns the success message (also termed a "debit response" message) and its card signature 
to the payment server. 

25 Next, in step 710 the payment server code module processes this response from the 

stored-value card by comparing 346 the received card signature with the expected stored- 
value card signature received earlier from the security card. This comparison of the two 
signatures by the payment module of the payment server foregoes the need for another 
round trip between the payment server and the security card. Because the security card has 

30 already delivered the expected card signature to the payment server, the security card may 
be released as soon as message 3 14a is received. 

Assuming that the comparison is successful, the payment module is then able to 
generate its own confirmation message instead of waiting for a "confirmation" message 
from the security card. Next, step 712 indicates that the processing continues in a similar 
35 fashion as in steps 632-640. The confirmation message is passed on to the merchant server 
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by way of the client terminal and the merchant server may then deliver the purchased 
merchandise to the user. 

SECOND ALTERNATIVE PAYMENT EMBODIMENT 

In another embodiment 200b of the present invention as illustrated in FIG. 7, not 
5 only is the security card allowed to release earlier, but the number of messages exchanged 
between the client terminal and the payment server are reduced. Instead of comparing 
stored- value card signatures in the payment server, the expected stored-value card signature 
from the security card is transmitted to the client terminal where a trusted agent '^356 
performs the comparison of the expected stored-value card signature with the actual 
10 signature received from stored-value card 5. Thus, message exchange between the client 
terminal and the payment server is reduced to one round trip. This is advantageous in that 
the time for a transaction is reduced, the security card is released earlier and fewer message 
exchanges means more reliability over the Internet. 

Embodiment 200b includes a client terminal 204, a payment server 206, a merchant 
15 server 208, a stored-value card 5, and a terminal 214 having a security card 218. 

Communication between the various entities may take place in a similar fashion as in FIG. 
5 as indicated by communication links 234 and 235. 

FIG. 13 is a flowchart that describes a technique for implementing this embodiment 
with reference to FIG. 7. Step 722 indicates that communication between the various 
20 entities takes place in a similar fashion as in FIG. 5 up until the terminal reaches the "draw 
amount" state. At this point, draw request 312 has been received and processed by the 
security card. Next, in step 724 the security card generates not only the security card 
signature and the debit command, but also an expected stored-value card signature. 

In step 726 the security card signature, the debit command and this expected stored- 
25 value card signature are sent to the payment code module in the payment server as indicated 
in 3 14a, Also, the terminal updates its data store in a similar fashion as in step 630. Next, 
in step 728 the payment server code module sends the debit command, merchant signature 
and expected stored-valued card signature to the client terminal. 

Next, step 730 indicates that the transaction occurs as before with reference to steps 
30 618 and 620. The steps indicate that the stored-value card receives the debit command and 
debits itself. In step 732, the client code module itself compares the actual card signature 
from the stored-value card with the expected signature from the security card. This 
comparison of the two signatures by the client module of the client terminal foregoes the 
need for another round trip between the payment server and the client terminal. Also, 
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Scc^use the security card has already driivered the expected card signature to the payment 
sSrvpf, the security card may be released as soon as message 3 14a is received. 

Assuming that the comparison is successful, the client terminal is then able to 
generate its own Confirmation message in step 734 instead of waiting for a confirmation 
5 message from the payment server. Next, step 736 indicates that the processing continues 
in a similaf fashion as in step5;63 6-640. The confirmation message is passed on to the 
merchant server and the merchant server may then deliver the purchased merchandise to the 
user. 

THIRP ALTERNATIVE PAYMENT EMBODIMENT 

10 FIG. 8 illustiate^ another embodiment 200c of the invention in which the merchant 

server performs iie comparison of the stored-value card signature with the expected 
signature. Th;s embodiment has all of the advantages of the previous embodiment in which 
the security' card is released earlier, and there are also fewer messages passed between the 
entities. In thj^ embodiment, if the client terminal is not to be trusted to compare the stored- 

15 value card signatures, then an encrypted signature is passed to the merchant server via the 
diem tecminal. The client terminal also passes the raw, unencrypted signature from the 
stored-value card to the merchant server. A routine 366 in the merchant server then 
c'.^iTipares the two signatures. 

Embodiment 200c includes a client terminal 204, a payment server 206, a merchant 
26 server 208, a stored-value card 5, and a terminal 214 having a security card 218. 

Communication between the various entities may take place in a similar fashion as in FIG. 
5 as indicated by messages 302-306 and communication link 235. 

FIG. 14 is a flowchart that describes a technique for implementing this embodiment 
with reference to FIG. 8. Step 742 indicates that communication between the various 
25 entities takes place in a similar fashion as in FIG. 5 up until the terminal reaches the "draw 
amount" state. At this point, draw request 312 has been received and processed by the 
security card. Next, in step 744 the security card generates not only the security card 
signature and the debit command, but also an expected stored-value card signature. 

In step 746 the security card signature, the debit command and this expected stored- 
30 value card signature are sent to the payment code module in the payment server as indicated 
in 3 14a. Also, the terminal updates its data store in a similar fashion as in step 630. Next, 
in step 748 the payment server code module sends the debit command, merchant signature 
and an encrypted expected stored-valued card signature to the client terminal. The expected 
stored-valued card signature is encrypted to prevent tampering by the client terminal or 
35 other outside entity. 
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Next, step 750 indicates that the transaction occurs as before with reference to steps 
618 and 620. The steps indicate that the stored- value card receives the debit command and 
debits itself. In step 752, the client code module sends the success message, the raw 
stored- value card signature and the encrypted signature on to the merchant server. In step 
5 754 the merchant server processes the success message, decrypts the encrypted signature, 
and compares the two signatures. This comparison of the two signatures by the merchant 
server foregoes the need for another round trip between the payment server and the client 
terminal. Also, because the security card has already delivered the expected card signature 
to the payment server, the security card may be released as soon as message 3 14a is 
10 received. 

Assuming that the comparison is successful, the merchant server is then able to 
generate its own confirmation message in step 756 instead of waiting for a confirmation 
message from the client terminal. Next, step 758 indicates that the processing continues in 
a similar fashion as in steps 638 and 640. The merchant server may then deliver the 
15 purchased merchandise to the user. In all of the above alternative embodiments, when the 
transaction is not completed successfully, the payment server reverses the transaction 
within the terminal. 

ENCRYPTION LAYER EMBODIMENT 

FIG. 9 illustrates an embodiment 200d of the present invention in which an 
20 encryption layer has been added. Although the present invention may be practiced without 
this added encryption layer, in a preferred embodiment of the invention, this encryption 
layer is used. FIG. 9 includes client terminal 204, payment server 206 and merchant server 
208. Other elements of the architecture have been omitted in this figure for simplicity. 
This extra encryption layer is used not only to protect the contents of messages being 
25 transmitted over the Internet, but also to prevent a client terminal, stored-value card or other 
entity from receiving or producing a message that would trick another entity into thinking 
that a valid transaction had occurred. This encryption also prevents messages from being 
accidentally or deliberately altered or misdirected. 

It should be appreciated that encryption may be present in any embodiment on all 
30 parts of any message sent for security. Preferably, any signature sent over a network is 
encrypted. 

Figures 15A and 15B are a flowchart describing this embodiment of the invention 
with reference to FIG. 9. In step 802, the payment server and the merchant server share a 
unique encryption key. Through a prior business arrangement, both of the servers have 
35 arranged to share this unique key to add security to the transaction. The shared key may be 
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of any suitable encryption standard and of any length. The key may be a Data Encryption 
Standard (DES) key having a length of 128 bits including parity. Although this shared key 
could be used directly, in a preferred embodiment of the invention, there is a derived 
unique key for each transaction between the merchant server and the payment server. 
5 Alternatively, another encryption standard such as RSA may also be used. Preferably, 
loading of value is performed under DES, while a purchase may be performed under either 
DES or public key technology. 

In step 804 the client terminal and the merchant server engage in a protected Secure 
Sockets Layer (SSL) session 404 in which a connection is made, a user browses and 
10 makes a purchase selection. The SSL session protects the information transmitted over the 
Internet such as card information, commands, and encryption keys from being discovered 
by an unauthorized party. Other techniques for protecting a session may also be used. 

In step 806 the merchant server derives a key from die DES key using information 
unique to the transaction such as the merchant identifier, the transaction identifier, or other 

15 information unique to this transaction, such as a random number. Because the payment 
server shares the DES key with the merchant server and also has access to this unique 
information about the transaction, the payment server will also be able to derive this same 
key from the shared DES key. In this step the merchant server also creates a transaction 
session key (TSK) for use by the client terminal and payment server in encrypting 

20 information. 

In step 808 the merchant server downloads an HTML page of information 406 that 
Includes the TSK and the TSK that is encrypted using the derived key (ETSK). The TSK 
encrypted with the derived key will be used by the payment server to return an encrypted 
(and unreadable by the client) confirmation message to the merchant server. Only the 
25 merchant server will be able to decrypt this confirmation message and will thus be 

guaranteed that a successful transaction has occurred and that merchandise may be released 
to the client. 

In step 810, the client prepares the draw request in conjunction with the stored- 
value card and sends the draw request 408 encrypted with the TSK to the payment server 

30 along with the ETSK. In step 8 12 the payment server uses the shared DES key and the 
prearranged information unique to the transaction to derive the same key that the merchant 
server has used. Thus, the derived key can be used to decrypt the ETSK in order to 
produce the TSK. Once the payment server had produced the TSK, it may decrypt the 
draw request and process the draw request in any suitable fashion with the security card, 

35 Once the payment server has received the debit command from the security card, it encrypts 
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the debit command with the TSK. The debit command may also be termed the "debit EEP 
command." 

In step 8 14 the payment server sends the encrypted debit command 410 to the client 
terminal. In step 816 the client decrypts the debit command with the TSK it had received 
5 earlier from the merchant server and processes the debit command in a suitable fashion with 
a stored-value card. Once the client terminal has received the debit response message from 
the stored-value card, it encrypts this message with the TSK and sends the debit response 
message 412 to the payment server. In step 820, the payment server decrypts the debit 
response message with the TSK and processes the debit response message in a suitable 
1 0 fashion with the security card. 

Once the payment server has received a "debit result" message from the security card, 
the payment server encrypts the "debit result" message with the TSK to form a "debit result 
C" message for the client. The "debit result C" message will be used by the client terminal 
to inform the user of a successful transaction. The payment server also generates its own 
1 5 confirmation message and encrypts the confirmation message with the derived key to form 
a "debit result M" message. The payment server then sends 414 the "debit result C" 
message and the "debit result M" message to the client terminal. 

In step 822 the client terminal decrypts and processes the "debit result C" message 
and passes the "debit result M" message 416 on to the merchant server. Because the "debit 

20 result M" message is encrypted with the derived key, the client terminal or other entity is 
not able to tamper with it. In step 824 the merchant server is able to decrypt the "debit 
result M" message because it had originally produced the derived key from the DES key. 
Once the merchant server has determined that a valid "debit result M" message has been 
received, it confirms that a valid transaction has taken place and may release merchandise to 

25 the user. 

This security embodiment of FIG. 9 may be used with any of the previously 
described embodiments of the invention. By way of example, this security embodiment 
may be used with the embodiments of Figures 7 and 8 in which there is only one round trip 
between the client terminal and the payment server. In particular, the expected stored-value 
30 card signature received from the security card may be encrypted with the derived key so 
that it unreadable by the client, yet the merchant server will be able to compare the received 
stored-value card signature with the expected card signature to validate the transaction. 

A wide variety of terminology may be used to describe the keys described above. 
For example, the keys referred to above as shared DES key, transaction session key (TSK) 
35 and derived key, may also be referred to as shared key, session C key and session M key. 



31 



wo 98/49658 



PCTAJS98/08806 



AUTHENTICATION EMBODIMENT 

FIG. 16 illustrates an architecture and system 200' for authentication over an internet 
(such as the Internet) using a pseudo stored-value application. This application could 
reside on a stored-value card along with standard accounts, stored value, or other card 
5 applications. The card defines access to the pseudo stored-value service and ensures that 
the card is present and passes security checks. 

In one embodiment of the present invention, a consumer may wish to access any of a 
variety of Web servers in order to redeem frequent flyer miles, award points, etc., that he 
or she has accumulated. In this embodiment, a consumer has accumulated "points" 

10 through any of a variety of programs with airlines, restaurants, rental car companies, 

hotels, banks, credit or debit card issuers, telephone or other communication company, etc. 
The consumer wishes to redeem these points to receive free airline tickets, meals, car 
rental, overnight stays, prizes, awards, discounts, or other "benefits". By accessing a Web 
server associated with the particular program, the consumer is able to use his or her card in 

15 any of the embodiments described herein to authenticate the card and to receive these 

benefits from the program. Most often, a card has a card number that is associated with the 
consumer's name in a database on the Web server. This card number is transmitted to the 
Web server as part of the card signature, or in a similar fashion. Thus, an authenticated 
card used in this embodiment to redeem services may be matched to the appropriate 

20 consumer. 

For example, a consumer with 30,000 frequent flyer miles on one airline may use 
this embodiment of the present invention to access a Web server associated with the airline. 
The consumer is requesting a free round-trip ticket in exchange for 20,000 miles. The 
present invention then operates to authenticate the consumer's stored-value loyalty 

25 application on the card, and delivers a confirmation of authentication message to the Web 
server for the airline. The Web server then deducts 20,000 miles from the consumer's 
account (leaving 10,000 miles) and delivers the free ticket to the consumer. In one specific 
embodiment, the Web server associated with the airline (or the airline itselO keeps track of 
the consumer's account and deducts the mileage. In this instance, an authentication 

30 application is used to validate the presence of the card or to obtain access to the Web server 
site. 

In another specific embodiment, the consumer's card contains a loyalty application 
that stores the consumer's accumulated frequent flyer mileage; the mileage from the card is 
then debited and confirmed to the Web server in a similar fashion as described in various of 
35 the embodiments by which a cash value is stored on and debited from a card. 
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System 200' may be implemented in a similar fashion as system 200 of FIG. 4. The 
elements shown in system 200' having counterparts in system 200 are described above and 
have similar functionality. System 200' includes a web server 208' that may be any 
suitable computer server capable of presenting award information (hereinafter "benefits") to 

5 a consumer over an open network such as the Internet. Web server 208' may be the same 
as merchant server 208 of FIG. 4 or a separate computer. Preferably, web server 208' is 
implemented in a similar fashion as described above for merchant server 208. Web server 
208' includes server module 232' that is preferably implemented in a similar fashion as 
merchant module 232. Additionally, server module 232' includes functionality to store and 

10 present benefits that are available for particular consumers. For example, benefits available 
such as airline tickets, prizes, etc., may be presented. 

Points (such as frequent flyer miles, for example) that a consumer accumulates to 
achieve benefits may be linked to a particular consumer by an account number, password, 
or other identifier. The amount of points accumulated for each consumer may be stored on 

15 web server 208' using server module 232', or may be located in another database of the 
organization providing the benefits. In an alternative embodiment, these points for each 
program that a consumer is enrolled in are stored in a loyalty application on the consumer's 
card. For example, a consumer may have a stored-value card that in addition to storing 
monetary value, also stores a quantity of frequent flyer miles accumulated for a particular 

20 airline (or a number of airiines), points accumulated for using a particular credit card, 

points for hotel stays at particular hotels, etc. For points stored on the consumer's loyalty 
application card, these points may be verified and debited in much the same way that 
monetary value on the consumer's card is debited as described herein. 

One embodiment by which a consumer has his or her pseudo stored-value application 
25 on a card authenticated to redeem points for benefits will now be explained. In one 

specific embodiment, a technique similar to that described in the flowchart of FIGS. 1 1 A- 
1 ID for debiting monetary value may be used. Initially, a user (consumer) operating client 
terminal 204 accesses web server 208' over link 234', views benefits presented for a 
particular program (such as an airline's frequent flyer program), selects benefits from that 
30 program, and requests the transaction to be performed using his or her pseudo stored-value 
application to validate that the card has access to the services, Web server 208' receives 
and processes this request. The above steps may be performed in a similar fashion as steps 
602 and 604. 

Next, similar to step 606, web server 208' sends a page of information to client 
35 terminal 204. When claiming benefits, the total cost field is zero and the currency field is a 
specially assigned value. Keeping total cost field equal to zero causes the system to 
perform authentication but not to create a payment record. Alternatively, for those user's 

33 



wo 98/49658 



PCT/US98/08806 



whose card holds the amount of their points, additional fields may be sent from server 208' 
to terminal 204 indicating which account to debit and by how many points. The total cost 
and currency fields may be readily adapted for this purpose. 

Next, in a similar fashion to steps 608 - 612, a draw request message is built, and the 
5 draw request is sent to authentication server 206' over link 236'. Similar to step 614, the 
authentication server now processes the draw request in conjunction with security card 218 
(for example) and sends back a "debit" command and a security card signature to 
authentication server 206'. As total cost is zero, the "draw amount" state reached by 
security card 218 is also zero. In the alternative embodiment in which stored-value card 5 
10 stores points for a particular program, total cost may be a value and a "draw amount" state 
may be reached indicating a number of points to be deducted from card 5. 

Next, similar to steps 616-618, authentication server 206' sends the debit command 
and security card signature to client terminal 204 and this information is processed by card 
5. Even though a monetary value is not being debited, card 5 performs processing such as 
1 5 incrementing a counter indicating number of transactions and generating a stored-value card 
signature. In the alternative embodiment in which points are stored on card 5, the points 
needed to redeem the benefit chosen by the user from web server 208' may be debited from 
the appropriate account in this step. 

Steps 620 through 638 are performed in a similar manner as in FIGS. 1 IB and 1 1 C, 
20 except that in this case a monetary transaction is not being verified, but rather card 5 is 

being authenticated to allow the user to complete his access to services or benefits. In step 
626 in particular, the signature of card 5 is verified by security card 218. In this 
embodiment, security card 218 would send an "authentication OK" message rather than the 
"confirmation" message of step 628. Web server 208' then debits the appropriate number 
25 of points from the user's account or allows access to a privileged service for the benefit 
requested. In the alternative embodiment in which points are stored on card 5, the 
"authenticadon OK" message serves not only as an authentication of card 5, but also 
confirmation that the correct number of points have been debited from card 5 for the 
appropriate program. Next, similar to step 640, web server 208' releases the benefit 
30 requested by the user (such as airline tickets, prizes, discounts, etc.) and the benefit is 
arranged to be delivered to the user. 

It should be appreciated that this technique of redeeming points for benefits may also 
be practiced using any of the alternative embodiments of FIGS. 6, 7 or 8, thereby obtaining 
the advantages associated with those embodiments. Furthermore, this technique may take 
35 advantage of the encryption layer embodiment of FIG. 9. Additionally, as described 

34 



wo 98/49658 



PCT/US98/08806 



below, the present invention may also be used to load more points onto card 5 in much the 
same way that monetary value is added. 

LOADING A STORED-VALUE CARD 

FIG. 17 illustrates a system 850 for loading value onto a stored- value card according 
5 to one embodiment of the present invention. System 850 includes a client terminal 204, 
bank server 860 and load server 862. Client terminal 204 communicates with card 5 via 
card reader 210, and with bank server 860 and load server 862 over any suitable open 
network such as Internet 202. Suitable embodiments for the client terminal, the card reader 
and the stored-value card are described above in the description of a payment technique. 

1 0 Preferably, each of client terminal 204, bank server 860 and load server 862 implement a 
code module (similar in operation to the code modules described above) in the Java 
programming language that provides the functionality described below. For simplicity of 
explanation, reference will be made below to "client terminal", "bank server" and "load 
server" even though the resident code is performing the functions. Card issuer 108 has 

15 been described previously in FIG. 3. Card issuer 108 may be a separate financial 

institution from the bank that includes bank server 860, or card issuer 108 may be the same 
bank that includes bank server 860. 

Bank server 860 is any suitable computer within a bank or other financial institution. 
By way of example, bank server 860 is any suitable personal computer, a workstation or a 
20 mainframe computer. In one embodiment, bank server 860 runs a "servlet" program (a 
Java applet running on server) for communication with client 204. 

Load server 862 is also any suitable computer and may be located at a third party 
location (such as at a processor) or may be located within the same bank as bank server 
860. Load server 862 also runs a servlet program for communication with client terminal 
25 204 and host security module 864. In an alternative embodiment, load server 862 and bank 
server 860 are the same computer which runs two different applications representing the 
functionality of each server. 

Host security module (HSM) 864 is a device known in the art that may be embodied 
in a hardware "black box" or on any suitable computer. The host security module can be 

30 implemented in a hardware module outside of load server 862, can be implemented within 
load server 862, can be implemented in software, or can be implemented as a security card 
described above. Host security module 864 contains the encryption keys in hardware used 
for generating signatures (for example SI, S2 and S3) that provide security for the 
transaction. These signatures are used by stored-value card 5 and host security module 864 

35 to insure that the card is not expired or counterfeit (i.e., is a valid card), to insure that 
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module 864 is authentic, to insure that system 850 is authentic and, in general, to provide 
for a valid transaction and to prevent fraud. Card 5 also includes encryption keys for the 
generation of a stored-value card signature. In an alternative embodiment, module 864 
could be replaced by a standard terminal that includes a security card such as is shown in 
5 the previous embodiments. In this situation, the encryption keys would be stored in the 
security card. 

Briefly, system 850 operates as follows. A consumer accesses bank server 860 via 
client terminal 204. Assuming that card 5 is not overloaded and that the user's account 
with the bank has sufficient funds, the user is able to download value via bank server 860 
10 on to his stored-value card 5. Client terminal 204 communicates with load server 862 to 
receive authorization for the load and for higher security. Card 5 may then be used to make 
purchases over the Internet as described earlier in the application or may be used for 
purchases elsewhere. Once the bank has downloaded value to card 5, a corresponding 
amount of funds is transferred from the bank to card issuer 108. 

1 5 Card issuer 108 places these funds in a holding pool. Once stored-value card 5 is 

used to make a purchase from a merchant, the transaction is captured and settled through a 
settlement service, such as VisaNet. The issuer bank decrements the funds pool for the 
amount of the purchase, which is paid to the merchant bank. The merchant bank pays the 
merchant for the transaction. Settlement may occur in any suitable fashion such as is 

20 known in the art and, in particular, may be implemented as previously described in FIG. 3. 

LOADING DETAILED TRANSACTION FLOW 

One embodiment of a technique by which a stored-value card is loaded over the 
Internet will now be described using the flowchart of FIGS. 18A through 18D with 
reference to FIG. 17. Various of the steps below may occur in a different order; the 

25 following description is for illustration purposes. Interaction between client terminal 204 
and bank server 860, and between client terminal 204 and load server 862, is preferably 
implemented in a similar fashion as between client terminal 204 and merchant server 208, 
and between client terminal 204 and payment server 206 as described above, respectively. 
Certain implementation details mentioned above with respect to payment are equally 

30 applicable to loading a stored-value card. Furthermore, the exemplary flow shown in the 
figures illustrates a successful transaction (although a negative result is also explained 
below in the text). For this reason, a "confirmation" message is referred to, which can 
more broadly be referred to as a "result" message (to reflect both the possibilities of success 
and failure of a load). Also, a "load success" message is referred to, which can also be 

35 referred to as a "confirmation" message, to reflect its status as either confirming a positive 
load result or a negative load result. 



wo 98/49658 



PCTAJS98/08806 



Initially, a suitable web browss" of client terminal 204 is used by the user to access a 
bank server Internet site. In step 871 the user selects an option to load value onto card 5. 
In step 872 the bank server sends a request for card information (including current card 
balance and maximum card balance); client terminal 204 reads the current card balance, 
5 currency, and other card inform'alion via card reader 2 1 0 and returns the balance to bank 
server 860. In step 873 the bai^c server determines the maximum load value and verifies 
that enough ftinds are in the user's account to accommodate a load request. 

In step 874 the bank''se;ver builds an HTML page that includes the following client 
applet parameters: the loait value; the type of currency being used; the port and IP address 

10 of the load server; a unique transaction identifier used by both the load server and the bank 
server to t^ack a transactipn; a unique bank identifier assigned to the bank and known to the 
load server; and a session key. Other information may also be included such as the 
currency's exponent, a status URL address of the bank server used for communication 
from the client terfianal, and other security information to ensure the identity of the bank 

IS server and the irffe^rity of the message. Other process related information such as software 
release level, crtcjpj'ption methodology and keys may also be conveyed. Once this page has 
been built, the'l^^ge is sent to the requesting client browser and triggers the activation of the 
client code OiOdule (in this example a Java applet) in the client terminal. 

To Segr™"^ the load value, the bank server requests that the user enter the amount to 
20 load to iiie^ard. Assuming that the user's account is adequate, the bank server requests the 
user's 'account be debited in step 875 by the load value. Advantageously, the debit request 
from th^e bank server can use the existing ATM and accounting systems of the bank to debit 
the tispr*s account. From the bank's point of view, value is being transferred from the 
iv:?Sr^^' dccount much in the same way that value would be transferred to a user in the form 
25 ' i' gash at an ATM. In this situation, though, the value is not being dispensed as cash at an 
ATM, but is being sent over the Internet to a stored-value card. 

In step 876 the client terminal interacts with stored-value card 5 to obtain card 
information in order to build a load request message for later transmission to load server 
862. Once responses from the card are received, the client terminal combines these 
"30 responses into a byte stream suitable for transmission over a network to a load server. 

The client terminal emulates a variety of host security module 864 commands to 
receive responses from these commands from the stored-value card. The stored-value card 
and the security module are physically separated from one another; communication takes 
place over the Internet. In the interest of speed and reliability, it is advantageous to have 
35 only the traditional authentication, response, and confirmation messages exchanged. 
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To operate securely aad reliably in this environment, in one embodiment of the 
present invention the clienV'terminal emulates a security module and gathers all the 
resDonses for transmission, into one load request message. The load request message may 
Include a variety of infcmiation and preferably includes a first card signature (termed S 1 ), a 
5 card number, an expirj^ flate, and a load amount. Other information such as the security 
algoritUm, transaction jgounter. cunrent card balance, and bank server time stamp are also 
preferably provided, e 

As all of this-information is prepackaged into a single load request message, the 
number of mes^.a^?s exchanged between the stored-value card and the security module over 
10 the internet is vajnimized. 

Next Att/Step 877 the client terminal accesses the load server using the IP address 
received fryip.the bank server. In step 878 the client terminal sends the load request 
message xoV^ load server. In step 879 the load server processes the load request in 
cOnjunriVip.n'with an associated host security module 864 as will be explained in greater 

1 5 detai?. bejow with reference to FIG. 1 8D. After step 879, the load server has received an 
issue-i- jeoarity module signature (termed S2) as part of a load command from the security 
module 864. The security module signature is a value that uniquely identifies and validates 
tiW^ecurity module to prove to stored-value card 5 that the incoming load command is a 
command from a real security module. Thus, the user of the stored-value card, and 

20 other interested parties are guaranteed that a valid load of the card has occurred. In a 

preferred embodinient of the invention, the security module signature is an encrypted value 
ensuring that no other entity can forge an identity of a security module. 

In step 880 the load server sends the load command including with the security 
module signature to the client terminal for the stored-value card to load itself. In step 881, 
25 upon receiving the load command from the load server, the client terminal passes the load 
command to stored-value card 5 which verifies the signature, loads itself by the load value, 
and also generates a load success message, a second stored-value card signature (termed 
S3), and a result code indicating success or failure of the load. In a preferred embodiment 
of the invention, this signature is in encrypted form to prevent tampering. 

30 In step 882, card 5 sends load success message containing the card signature (S3) 

and result code back to client terminal 204. Next, in step 883 client terminal 204 packages 
the load success message along with the card signature and sends them back to load server 
862. In step 884 the load server receives the incoming message. The load server then 
processes the message into its components and directs the components to the security 

35 module. Next, in step 885 the security module may process this response from the client's 
terminal and verify the received stored-value card signature (S3). 
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As the security module contains the keys and algorithms necessary to compute 
stored-value card signatures, the security module is able to validate that a received stored- 
value card signature is in fact a valid one by comparing the received stored-value card 
signature with a generated expected value. A successful comparison indicates that a load 
5 success message received from the stored-value card is in fact a valid success message and 
that the stored-value card has been loaded. Assuming that the transaction is so far valid, in 
step 886 the security module sends a "confirmation" message back to the load server. 

It is possible that the stored-value card has not been loaded by the proper amount, 
that the card is invalid, a user is fraudulent or another discrepancy. For example, it is 
1 0 possible that a user has tampered with the card to make it appear that a load has not 

occurred, when in fact a load has occurred. In this situation, processing in step 882 and 
on is slightly different. For example, instead of generating a "load success" message, the 
card my generate a "negative result" code, potentially indicating that the card has not been 
loaded. Processing of this situation would then occur as follows. 

1 5 In step 882, card 5 sends a load message containing the result code and stored-value 

card signature S3 back to client terminal 204. Client terminal 204 recognizes a negative 
result code, and invokes negative result handling. Client terminal 204 interacts with card 5 
and generates a new load request for a zero value load using elements from the original 
request, along with a new card signature S 1 . 

20 The negative result code, along with the signatures S3 and new S 1 , and the zero 

value load request are passed to the load server for analysis. The load server determines if 
the transaction counter in the zero value load equals the transaction counter in the previous 
request, along with verifying other pertinent information such as date and time, card 
number, and currency code and exponent. If the transaction counters are the same, then it 

25 is possible that a valid negative result has been received, but it should be verified because 
the client is not trusted. If the counters are equal, the load server will hold the original S3 
and will generate a new load request to the security module using data element values that 
would have been expected if the original transaction had failed. The new load request 
along with the new SI is sent to the security module. The security module then compares 

30 the original S 1 (from the original load request) to the new S 1 . If S 1 is valid, then the 

original negative result is true and the security module generates a signature to confirm to 
the load server that there was no load. The original negative result from the card is then 
released to the security module to complete the original transaction. Processing would 
continue, but a user account would not be debited, and no settlement need occur because 

35 the card was, in fact, not loaded. If SI is not valid, the negative response is not true and 
then the result code in the original request is changed to reflect a successful load and passed 
to the security module. Processing then continues reflecting that a load has occurred. 
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On the other hand, if the transaction counters are not the same, then it is still possible 
that a valid negative result has been received, but it should be verified because the client is 
not trusted. First, the load server decreases the transaction counter in the new load request 
to match that of the original. The request along with the new S 1 is passed to the security 
5 module. The security module calculates its own new S 1 based upon the modified new load 
request. If there is no match, it means that the negative result was in error and that the card 
had been loaded. Processing continues to reflect a loaded card. If there is a match, it 
means the negative result was correct and that the transaction counter had been increased 
by accident. The user account is not debited, and not settlement occurs. 

10 Returning now to further processing, in step 887 the load server logs the response 

received from the security module and updates its database with the transaction identifier, 
the bank identifier, the load value, etc. In general, any of the plethora of information 
passing through the load server may be added to its database. Next, in step 890 the load 
server creates a confirmation message including the transaction identifier and sends this 

1 5 message to the client terminal in encrypted form. By sending this confirmation message in 
encrypted form, the confirmation message may be forwarded to the bank server by way of 
the client terminal without fear of tampering. As the confirmation message is encrypted, it 
would be difficult for the client terminal or another entity to forge a confirmation message 
and trick the bank server into thinking that a valid load had taken place. 

20 In step 891 the client terminal forwards the confirmation message on to the bank 

server at the URL address previously received from the bank server The client terminal 
may also post a message to the user informing that the load has been completed. The client 
terminal also logs confirmation of the load. In step 892 the bank server registers the 
confirmation message. The bank server calls a routine to decrypt the confirmation 

25 message. If the decrypted confirmation message is acceptable, the bank server determines 
a successful load has occurred. The confirmation message provides assurance to the bank 
that the user's card was in fact loaded with a particular value and prevents fraud. For 
example, a fraudulent user who tries to claim that his bank account was decremented and 
his card not loaded (and should thus receive more money from the bank) would be 

30 thwarted because the confirmation message proves that the user's card was in fact loaded. 
Alternatively, the "confirmation" message may indicate that a load did not occur, in which 
case the account would not be debited, and no settlement would occur. 

At this point a successful load of the user's card has occurred (assuming all is well). 
For example, if the user had requested $100, that amount has been decremented from the 
35 user's account at the bank, and $100 has been loaded onto the user's stored-value card. 
Preferably, at this point the amount loaded (in this example $100) is transferred from the 
bank to the stored-value card issuer preferably through an existing network. The $ 100 is 
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transferred so that the card issuer may manage the float on these unspent funds until the 
user spends the $100. Once the $100 (or a smaller portion) has been spent with a 
merchant, the card issuer is then able to settle the transaction with the merchant using any 
suitable clearing and administration system. In alternative embodiment, the bank may 
5 retain the $ 100 and settle directly with the merchant. In another embodiment, die bank and 
the card issuer are the same financial institution, and the $100 may be shifted between parts 
of the organization or remain in place. 

Returning now to a more detailed discussion of step 879, FIG. 1 ID describes a 
technique for processing a load request message in conjunction with a security module. 
1 0 Once the load request message is received by the load server, the load server parses it into 
the appropriate elements and passes a request to the security module as will be explained 
below. Alternatively, die load server can build a network message and switch the request 
to a remote authentication server. Or, a smart terminal could parse the message and pass 
responses to the security module. 

1 5 In step 895 the load server edits the load request for syntactic correctness and logs the 

request as received. In step 896 the load server constructs a load request message. In step 
897 the load server passes the load request to the security module to emulate a stored- value 
card interacting with the security module. The load server behaves as if a stored-value card 
were actually interacting in an ATM (for example) through a network to a host with a 

20 security module. In this fashion, the load request originating from the client terminal has 
been sent in prepackaged form over the Internet emulating a traditional interaction between 
the stored-value card in an ATM. 

In step 898. the security module verifies the received stored-value card signature (SI) 
to prevent fraud. The security module generates its security module signature (termed S2) 

25 and the load command. The signature S2 will confirm to the client terminal and the stored- 
value card that the host security module is authentic and belongs to the issuer of the stored- 
value card. Additionally, S2 protects against a user trying to perform a fake load, keys out 
of synchronization, a counterfeit card, an expired card, etc. The security module then sends 
the signature and load command to the load server as indicated in step 899. At this point, 

30 step 879 ends and control returns to step 880. 

In another embodiment of the loading technique, a consumer may wish to access any 
of a variety of Web servers in order to load frequent flyer miles, award points, etc., that he 
or she has accumulated. A technique for authentication and redemption of such "points" is 
described above. In the loading embodiment, a consumer has accumulated points through 
35 any of a variety of programs with airlines, restaurants, rental car companies, hotels, banks, 
credit or debit card issuers, telephone or other communication companies, etc. These 
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points are stored by the particular airline, etc., that has issued them. The consumer wishes 
to load these points onto his or her stored-value card in order to redeem them elsewhere; 
thus receiving airline tickets, meals, car rental, overnight stays, prizes, awards, discounts, 
or other benefits. By accessing an Internet server associated with the particular program, 
5 the consumer is able to load his or her stored-value card in any of the embodiments 

described herein to receive the benefits of the program, much in the same way that currency 
is loaded. 

COMPUTER SYSTEM EMBODIMENT 

FIG. 19 illustrates a computer system 900 suitable for implementing an embodiment 
10 of the present invention. Computer system 900 includes any number of processors 902 
(also referred to as central processing units, or CPUs) that are coupled to storage devices 
including primary storage 906 (such as random access memory, or RAM) and primary 
storage 904 (such as a read only memory, or ROM). As is well known in the art, primary 
storage 904 acts to transfer data and instmctions uni-directionally to the CPU and primary 
1 5 storage 906 is used typically to transfer data and instructions in a bi-directional manner. 
Both of these primary storage devices may include any suitable of the computer-readable 
media described below. A mass storage device 908 is also coupled bi-directionally to CPU 
902 and provides additional data storage capacity and may also include any of the 
computer-readable media described below. Mass storage device 908 may be used to store 
20 programs, data and the like and is typically a secondary storage medium (such as a hard 
disk) that is slower than primary storage. It will be appreciated that the information 
retained within mass storage device 908, may, in appropriate cases, be incorporated in 
standard fashion as part of primary storage 906 as virtual memory. A specific mass storage 
device such as a CD-ROM 914 passes data uni-directionally to the CPU. 

25 CPU 902 is also coupled to an interface 910 that includes one or more input/output 

devices such as such as video monitors, track balls, mice, keyboards, microphones, touch- 
sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, 
styluses, voice or handwriting recognizers, biometrics readers, or other computers. CPU 
902 optionally may be coupled to another computer or telecommunications network using a 

30 network connection as shown generally at 912. With such a network connection, it is 
contemplated that the CPU might receive information from the network, or might output 
information to the network in the course of performing the above-described method steps. 
Furthermore, method embodiments of the present invention may execute solely upon CPU 
902 or may execute over a network connection such as the Internet in conjunction with a 

35 remote CPU that shares a portion of the processing. 
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In addition, embodiments of the present invention further relate to computer storage 
products with a computer readable medium that have program code thereon for performing 
various computer-implemented operations. The media and program code may be those 
specially designed and constructed for the purposes of the present invention, or they may 
5 be of the kind well known and available to those having skill in the computer software arts. 
Examples of computer-readable media include, but are not limited to: magnetic media such 
as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROM disks; 
magneto-optical media such as floptical disks; and hardware devices that are specially 
configured to store and execute program code, such as application-specific integrated 
10 circuits (ASICs), programmable logic devices (PLDs) and ROM and RAM devices. 
Examples of program code include machine code, such as produced by a compiler, and 
files containing higher level code that are executed by a computer using an interpreter. 

Although the foregoing invention has been described in some detail for purposes of 
clarity of understanding, it will be apparent that certain changes and modifications may be 

15 practiced within the scope of the appended claims. For instance, any suitable stored-value 
card capable of loading, storing and decrementing value on command may be used with the 
present invention. Also, any network capable of performing routing functionality between 
a client terminal and a load and bank server may be used. Furthermore, the security 
module may be a physically separate module, a card located in a terminal attached to a load 

20 server, or its functionality may be incorporated directly into a load server in hardware or 
software. And although the client terminal may be used to route messages between the 
bank server and load server, both of these servers may also communicate directly between 
themselves, and may even be the same computer. The specific messages shown passing 
between the computers are exemplary, and other types of messages may be used. A 

25 specified load request is shown, but other information may also be loaded onto a stored- 
value card using a security module emulation and then sent packaged as one message to the 
security module over a network. In addition to monetary value, other types of value such 
as electronic cash, checks, awards, loyalty points, benefits, etc., may be loaded onto a 
card, and the term "value" is intended to broadly cover all these various types. Any 

30 suitable type of encryption may be used to encrypt messages passing between the 

computers. Therefore, the described embodiments should be taken as illustrative and not 
restrictive, and the invention should not be limited to the details given herein but should be 
defined by the following claims and their full scope of equivalents. 
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CLAIMS 

1 . A network payment system for transacting a sale of merchandise over a network 
using a stored-value card, said network payment system comprising: 

a router for routing communication between entities attached to said network; 

5 a merchant server in communication with said network, said merchant server 

having at least a first item of merchandise for sale; 

a client terminal in communication with said network, said client terminal including 
a card reader for communicating with said stored-value card, an output device for 
reviewing said first item for sale, and an input device for initiating a purchase transaction to 
1 0 purchase said first item for sale; and 

a payment server in communication with said network, said payment server 
including an interface for communicating with a security card and being arranged to receive 
a purchase message including an indication of said purchase transaction and to transmit a 
confirmation message to said merchant server over said network, whereby said merchant 
15 server is authorized to release said item of merchandise to a user associated with said 
stored-value card. 

2. A network payment system as recited in claim 1 wherein said network is an internet 
and said merchant server includes a merchant web site for advertising said first item for sale 
over said internet. 

20 3 . A network payment system as recited in any of claims 1 or 2 wherein each of said 
client terminal, said merchant server and said payment server are at a separate location and 
communicate over said network. 

4. A network payment system as recited in any of claims 1-3 wherein said stored- 
value card and said security card are both also suitable for use in an integrated service 

25 payment terminal, and said network payment system further comprises: 

a clearing and administration system for reconciling a plurality of transactions over 
said network. 

5 . A network payment system as recited in any of claims 1-4 wherein said client 
terminal further includes a command emulator for emulating security card commands that 

30 are sent to said stored-value card and for grouping responses to said security card 
commands into a draw request message to be sent to said payment server, and said 
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payment server includes a response emulator for emulating responses from said stored- 
value card that are sent to said security card. 

6 . A network payment system as recited in any of claims 1-5 wherein said payment 
server includes a comparator for comparing a stored- valued card signature received from 

5 said stored-value card with an expected signature received from said security card to 
confirm a transaction, whereby the message traffic between said payment server and said 
security card is reduced. 

7 . A network payment system as recited in any of claims 1 -5 wherein said client 
terminal includes a comparator for comparing a stored-valued card signature received from 

10 said stored-value card with an expected signature from said security card received via said 
payment server to confirm a transaction, whereby message traffic between said payment 
server and said client terminal, and between said payment server and said security card is 
reduced. 

8 . A network payment system as recited in any of claims 1-5 wherein said merchant 
1 5 server includes a comparator for comparing a stored-valued card signature received from 

said stored-value card with an expected signature from said security card received via said 
payment server, whereby a transaction is confirmed and whereby message traffic from said 
payment server, and between said payment server and said security card is reduced. 

9. A computer-implemented method of selling merchandise over a network using a 
20 merchant server, said merchandise for purchase by a user with a stored-value card, said 

method comprising: 

establishing communication between said merchant server and a client over said 
network; 

receiving a request from said client to purchase an item available from said merchant 

25 server; 

transmitting to said client a purchase amount of said item so that said client may 
debit a stored-value card associated with said client by said amount; 

transmitting said amount, a transaction identifier and a merchant identifier to a 
payment server connected to said network, said transaction identifier uniquely identifying 
30 the purchase of said item and said merchant identifier uniquely identifying said merchant 
server to said payment server; and 

a confirmation step for performing the function of confirming said purchase of said 
item to said merchant server, whereby said merchant server is informed that said sale of 
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said item is a success and said merchant server may release said item to said user associated 
with said stored-value card. 

10. A method as recited in claim 9 wherein said network is an internet, wherein said 
merchant server includes a merchant web site for advertising said merchandise over said 

5 internet, wherein said client and said merchant server are at separate locations and said 
recited steps of said method occur over said internet. 

11. A method as recited in any of claims 9 or 10 further comprising: 

transmitting a key to said client for encrypting a draw request message to be sent to 
said payment server from said client terminal; 

10 providing said key to decrypt said encrypted draw request message to said payment 

server without sending said key in the clear to said payment server; and 

receiving an encrypted transaction confirmation message from said payment server 
that is encrypted by a key shared between said merchant server and said payment server. 

12. A method as recited in any of claims 9-1 1 wherein said step of transmitting said 
1 5 purchase amount and said confirming step are routed through said chent to provide 

communication between said merchant server and said payment server, whereby the 
number of communication links is reduced. 

13. A computer-implemented method of transacting a sale of merchandise over a 
network using a client terminal in association with a stored-value card, said method 

20 comprising: 

transmitting over said network a request from said client terminal to purchase an 
item available from said merchant server; 

receiving from said merchant server an amount of a cost of said item; 

sending a draw request message to a payment server connected to said network so 
25 that said draw request may be processed by a security card associated with said payment 
server; 

receiving a debit command from said payment server; 

debiting said stored-value card associated with said client terminal by said amount; 

and 



46 



wo 98/49658 



PCTAJS98/08806 



sending confirmation information to said merchant server, whereby said merchant 
server is informed that said sale of said item is a success and said merchant server may 
release said item to a user associated with said stored-value card. 

14. A method as recited in claim 13 wherein said network is an internet, wherein said 
5 merchant server includes a merchant web site for advertising sdd merchandise over said 

internet, wherein said client terminal and said merchant server are at separate locations and 
said recited steps of said method occur over said internet. 

15. A mediod as recited in any of claims 13 or 14 further comprising: 

emulating security card commands that are sent to said stored-value card associated 
1 0 with said client terminal; and 

grouping responses to said security card commands into said draw request message 
so that said responses may be sent as a group to said payment server to reduce network 
traffic between said payment server and said client terminal. 

16. A method as recited in any of claims 13-15 wherein said confirmation information 
15 includes an encrypted confirmation message unreadable by said client terminal, said method 

further comprising: 

receiving said encrypted confirmation message from said payment server. 

17. A method as recited in any of claims 13-15 wherein said confirmation information 
includes a confirmation message, said method further comprising: 

20 receiving an expected stored-value card signature from said security card via said 

payment server; 

receiving an actual stored-value card signature from said stored-value card; 

comparing said actual stored-valued card signature received from said stored-value 
card with said expected stored-value card signature from said security card; and 

25 generating said confirmation message for transmission to said merchant server, 

whereby message traffic between said payment server and said client terminal, and between 
said payment server and said security card is reduced. 

18. A method as recited in any of claims 13-15 further comprising: 

receiving an encrypted stored-value card signature from said security card via said 
30 payment server that is unreadable by said client terminal; 

47 



wo 98/49658 



PCT/US98/08806 



receiving a raw stored-value card signature from said stored-value card; and 

transmitting to said merchant server as said confirmation information said encrypted 
stored-value card signature and said raw stored-value card signature for comparison by said 
merchant server, whereby message traffic between said payment server and said client 
terminal, and between said payment server and said security card is reduced. 

19. A method as recited in any of claims 13-18 further comprising: 

receiving a security card signature for validating said security card to said stored- 
value card, said security card signature being received in the same message from said 
payment server as said debit command; and 

receiving an expected stored-value card signature for comparison to an actual 
stored-value card signature, said expected stored-value card signature being received in the 
same message from said payment server as said debit command, whereby message traffic 
between said payment server and said client terminal, and between said payment server and 
said security card is reduced. 

20. A computer-implemented method of managing a transaction between a client 
terminal and a merchant server connected over a network, said transaction being managed 
by a payment server also connected to said network, said method comprising: 

receiving a draw request over said network, said draw request including an amount 
indicative of a cost of an item available from said merchant server, a transaction identifier 
uniquely identifying the purchase of said item, and a merchant identifier uniquely 
identifying said merchant server to said payment server; 

sending said draw request to a security card associated with said payment server so 
that said draw request may be processed by said security card; 

receiving a debit command from said security card; 

sending said debit command from said payment server destined to said client 
terminal over said network so that a stored-value card associated with said client terminal 
may be debited by said amount; and 

a confirmation step for performing the function of confirming said purchase of said 
item to said merchant server, whereby said merchant server is informed that said purchase 
of said item is a success and said merchant server may release said item to a user associated 
with said stored-value card. 
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21. A method as recited in claim 20 wherein said network is an internet, wherein said 
merchant server includes a merchant web site for advertising said item over said internet, 
wherein said client terminal and said merchant server are at separate locations and said 
recited steps of said method occur over said internet. 

22. A method as recited in any of claims 20 or 21 wherein said stored-value card and 
said security card are both also suitable for use in an integrated service payment terminal, 
said method further comprising: 

sending transaction information regarding said sale of said item to a clearing and 
administration system for reconciling said sale. 

23 . A method as recited in any of claims 20-22 further comprising: 

receiving as part of said draw request responses from said stored-value card to 
security card commands that have been emulated by said client terminal; and 

emulating said stored-value card responses in an interaction with said security card 
to receive responses from said security card, whereby network traffic between said 
payment server and said client terminal is reduced. 

24. A method as recited in any of claims 20-23 wherein said confirmation step includes 
the sub-steps of: 

receiving a signature from said stored-value card associated with said client 
terminal; 

sending said signature to said security card; 

receiving a transaction OK message from said security card; and 

sending a confirmation message destined for said merchant server. 

25. A method as recited in any of claims 20-23 wherein said confirmation step includes 
the sub-steps of: 

receiving a signature from said stored-value card associated with said client 
terminal; 

comparing said received signature with an expected signature received from said 
security card; and 
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sending a confirmation message destined for said merchant server, whereby 
message traffic between said security card and said payment server is reduced. 

26. A method as recited in any of claims 20-23 wherein said confirmation step includes 
the sub-steps of: 

5 receiving an expected signature of said stored- value card from said security card; 

and 

sending said expected signature to said client terminal so that said client terminal 
may compare said expected signature to an actual signature of said stored-value card, 
whereby message traffic between said security card and said payment server, and between 
1 0 said client terminal and said payment server is reduced. 

27. A method as recited in any of claims 20-23 wherein said confirmation step includes 
the sub-steps of: 

receiving an expected signature of said stored-value card from said security card; 
encrypting said expected signature so as to be unreadable by said client terminal; 

15 and 

sending said encrypted expected signature to said client terminal for resending to 
said merchant server so that said merchant server may compare said expected signature to 
an actual signature of said stored-value card, whereby message traffic between said security 
card and said payment server, and between said client terminal and said payment server is 
20 reduced. 

28 . A method as recited in any of claims 20-27 further comprising: 

sending a security card signature for validating said security card, said security card 
signature being sent in the same message destined to said client terminal as said debit 
command; and 

25 sending an expected stored-value card signature for comparison to an actual stored- 

value card signature, said expected stored-value card signature being sent in the same 
message destined to said client terminal as said debit command, whereby message traffic 
between said payment server and said client terminal, and between said payment server and 
said security card is reduced. 
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29. A computer-implemented method of interacting with a stored-value card by a client 
terminal to facilitate the sale of an item of merchandise over a network, said method 
comprising: 

receiving a purchase amount for said item of merchandise from a merchant server 
5 connected to said network; 

emulating a plurality of security card commands that are sent to said stored-value 
card associated with said client terminal; 

receiving a plurality of responses to said security card commands from said stored- 
value card; 

10 grouping said responses to said security card commands from said stored-value 

card together with said purchase amount to form a draw request message; and 

sending said draw request message to a payment server over said network so that 
said draw request may be processed by a security card associated with said payment server 
to facilitate said sale of merchandise over said network, whereby network traffic between 
1 5 said payment server and said client terminal is reduced. 

30. A method as recited in claim 29 wherein said network is an internet, wherein said 
merchant server includes a merchant web site for advertising said merchandise over said 
internet, wherein said client terminal and said merchant server are at separate locations and 
said recited steps of said method occur over said internet. 

20 31. A method as recited in any of claims 29 or 30 further comprising: 

receiving a debit command from said payment server destined for said stored-value 
card, said debit command being generated by said security card; 

receiving a security card signature for validating said security card to said stored- 
value card, said security card signature being received in the same message from said 
25 payment server as said debit command; and 

receiving an expected stored-value card signature for comparison to an actual 
stored-value card signature, said expected stored-value card signature being received in the 
same message from said payment server as said debit command, whereby message traffic 
between said payment server and said client terminal, and between said payment server and 
30 said security card is reduced. 
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32 . A computer-implemented method of interacting with a security card to facilitate the 
sale of merchandise over a network, said method comprising: 

receiving a draw request message from a client terminal over said network, said 
draw request message including a plurality of responses from a stored- value card generated 
5 in response to emulation of security card conunands, and also including a purchase amount 
for said merchandise, whereby network traffic between said payment server and said client 
terminal is reduced; 

emulating said stored- value card responses in an interaction with said security card 
associated with said payment server; 

10 receiving a plurality of security card responses from said security card in response 

to said emulation; and 

sending a debit command destined to said client terminal over said network so that 
said debit command may be processed by said stored-value card associated with said client 
terminal to facilitate said sale of merchandise. 

15 33. A method as recited in claim 32 wherein said network is an internet to which is 
connected a merchant server having a merchant web site for advertising said merchandise 
over said internet, wherein said client terminal and said merchant server are at separate 
locations and said recited steps of said method occur over said internet. 

34. A method as recited in any of claims 32 or 33 further comprising: 

20 a confirmation step for performing the function of confirming said sale of 

merchandise to said merchant server, whereby said merchant server is informed that said 
sale of said item is a success and said merchant server may release said merchandise to a 
user associated with said stored-value card. 

35 . A method as recited in any of claims 32-34 further comprising: 

25 sending a security card signature for validating said security card, said security card 

signature being sent in the same message destined to said client terminal as said debit 
command; and 

sending an expected stored-value card signature for comparison to an actual stored- 
value card signature, said expected stored-value card signature being sent in the same 
30 message destined to said client terminal as said debit command, whereby message traffic 
between said payment server and said client terminal, and between said payment server and 
said security card is reduced. 
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36. A loading system for loading value over a network onto a stored- value card, said 
loading system comprising: 

a router for routing communication between entities attached to said network; 

a bank server in communication with said network, said bank server arranged to 
5 debit a user account by an indicated value; 

a client terminal in communication with said network, said client terminal including 
a card reader for communicating with a stored-value card and an input device for indicating 
a value to debited from said user account; and 

a load server in communication with said network, said load server including an 
10 interface for communicating with a security module and being arranged to receive a load 
request including a stored-value card signature and being further arranged to transmit a 
confirmation message to said bank server over said network, thereby assuring that said 
stored-value card has been loaded by said indicated value. 

37. A loading system as recited in claim 36 wherein said network is an internet and said 
1 5 bank server includes a bank web site for accepting a load request. 

38. A loading system as recited in any of claims 36 or 37 wherein said client terminal 
and said bank server are at separate locations and communicate over said internet. 

39. A loading system as recited in any of claims 36-38 further comprising: 

a clearing and administration system for reconciling said debit of said user account 
20 with a purchase using said stored-value card. 

40. A loading system as recited in any of claims 36-39 wherein said client terminal 
further includes a command emulator for emulating security module commands that are sent 
to said stored-value card and for grouping responses to said security module commands 
into a load request message to be sent to said load server, and wherein said load server 

25 includes a response emulator for emulating responses from said stored-value card that are 
sent to said security module. 

41. A loading system as recited in any of claims 36-40 wherein said security module 
includes a comparator for comparing a stored- valued card signature received from said 
stored-value card with an expected signature to confirm a transaction. 

30 42. A computer-implemented method of loading a stored-value card over a network 
comprising: 
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establishing communication between a bank server and a client over a network; 

receiving a request from said client to load value onto a stored-value card; 

transmitting to said client a verified load value so that said client may load a stored- 
value card associated with said client by said load value; 

5 transmitting to said client an address of a load server so that said client may send a 

load request to said load server; and 

a confirmation step for performing the function of confirming the loading of said 
stored-value card, whereby said bank server is assured that the loading is a success. 

43. A method as recited in claim 42 wherein said network is an internet over which said 
10 recited steps of said method occur, wherein said bank server includes a bank web site for 

accepting a load request, and wherein said client and said bank server are at separate 
locations. 

44. A method as recited in any of claims 42 or 43 wherein said confirmation step 
includes receiving a confirmation message that originates from one of said load server and a 

15 security module associated with said load server. 

45. A method as recited in any of claims 42-44 further comprising: 

transmitting a first key to said client for encrypting a load request to be sent to said 
load server; 

providing said first key to decrypt said encrypted load request to said load server 
20 without sending said first key in the clear to said load server; and 

receiving an encrypted confirmation message from said load server that is encrypted 
by a second key shared between said bank server and said load server. 

46. A method as recited in any of claims 42-45 further comprising: 

debiting a user account by said load value; and 

25 sending transaction information including said load value to a stored-value card 

issuer for later settlement. 

47 . A computer-implemented method of loading a stored-value card over a network 
comprising: 
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transmitting over a network from a client terminal to a bank server a request to load 
a stored-value card; 

receiving from said bank server a verified load value; 

sending a load request to a load server connected to said network; 

5 receiving a load command from said load server; 

loading said stored-value card by said load value; and 

sending confirmation information to said bank server, whereby said bank server is 
assured that said loading is a success. 

48 . A method as recited in claim 47 wherein said network is an internet over which said 
10 recited steps of said method occur, wherein said bank server includes a bank web site for 

accepting a load request, and wherein said client terminal and said bank server are at 
separate locations. 

49. A method as recited in any of claims 47 or 48 further comprising: 

emulating security module commands that are sent to said stored-value card 
1 5 associated with said client terminal; and 

grouping responses to said security module commands into said load request so that 
said responses may be sent as a group to said load server to reduce network traffic between 
said load server and said client terminal. 

50. A method as recited in any of claims 47-49 wherein said confirmation information 
20 includes an encrypted confirmation message unreadable by said client terminal, said method 

further comprising: 

receiving said encrypted confirmation message from said load server. 

51. A computer-implemented method of managing a stored-value card load transaction 
between a client terminal and a bank server connected over a network, said method 

25 comprising: 

receiving by a load server over said network a load request, said load request 
including a stored-value card signature; 
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sending said stored-value card signature to a security module associated with said 
load server so that said stored-value card signature may be validated by said security 
module; 

receiving a load command from said security module; 

5 sending said load command from said load server destined to said client terminal so 

that a stored-value card associated with said client terminal may be loaded by a load value; 
and 

a confirmation step for performing the function of confirming the loading of said 
stored-value card, whereby a bank server is informed that the loading is a success. 

10 52. A method as recited in claim 5 1 wherein said network is an intemet over which said 
recited steps of said method occur, wherein said bank server includes a bank web site for 
accepting a load request, and wherein said client terminal and said bank server are at 
separate locations. 

53 . A method as recited in any of claims 5 1 or 52 further comprising: 

15 receiving as part of said load request responses from said stored-value card to 

security module commands that have been emulated by said client terminal; and 

emulating said stored-value card responses in an interaction with said security 
module to receive responses from said security module, whereby network traffic between 
said load server and said client terminal is reduced. 

20 54. A method as recited in any of claims 5 1 -53 wherein said confirmation step includes 
the sub-steps of: 

comparing said received stored-value card signature with an expected signature; and 

sending a confirmation message destined for said bank server, whereby said bank 
server is assured that said stored-value card has been loaded. 

25 55. A computer- implemented method of interacting with a stored-value card by a client 
terminal to facilitate the loading of said stored-value card over a network, said method 
comprising: 

receiving a load value from a bank server connected to said network; 

emulating a plurality of security module commands that are sent to said stored-value 
30 card associated with said client terminal; 
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receiving a plurality of responses to said security module commands from said 
stored-value card; 

grouping said responses to said security module commands from said stored-value 
card to form a load request; and 

5 sending said load request to a load server over said network so that said load 

request may be processed by a security module associated with said load server to facilitate 
the loading of said stored-value card over said network, whereby network traffic between 
said load server and said client terminal is reduced. 

56. A method as recited in claim 23 wherein said network is an internet over which said 
10 recited steps of said method occur, wherein said bank server includes a bank web site for 

accepting a load request, and wherein said client terminal and said bank server are at 
separate locations. 

57. A method as recited in any of claims 55 or 56 further comprising: 

receiving an encrypted confirmation message from said load server that is 
1 5 unreadable by said client terminal; and 

sending said encrypted confirmation message to said bank server, whereby said 
bank server is assured that said stored-value card has been loaded. 

58. A computer-implemented method of interacting with a security module by a load 
server to facilitate the loading of a stored-value card over a network, said method 

20 comprising: 

receiving a load request from a client terminal over a network, said load request 
including a plurality of responses from a stored-value card generated in response to 
emulation of security module commands, whereby network traffic between said load server 
and said client terminal is reduced; 

25 emulating said stored-value card responses in an interaction with said security 

module associated with said load server; 

receiving a plurality of security module responses from said security module in 
response to said emulation; and 

sending a load command destined to said client terminal over said network to 
30 facilitate loading of said stored-value card. 
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59. A method as recited in claim 58 wherein said network is an internet over which said 
recited steps of said method occur, and wherein said client terminal and said load server are 
at separate locations. 

60. A method as recited in any of claims 58 or 59 further comprising: 

5 a confirmation step for performing the function of confirming loading of said 

stored-value card, whereby said bank server is assured that said stored-value card has been 
loaded. 
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SIGNATURE. "DEBir COMMAND AND EXPECTED 
STORED-VALUE CARD SIGNATURE 



.704 



1 



706 



TERMINAL SENDS SECURITY CARD SIGNATURE. "DEBIT" COMMAND" AND 
EXPECTED STORED-VALUE CARD SIGNATURE TO PAYMENT SERVER 



PERFORM STEPS 616 - 622 



.708 



710 



PAYMENT SERVER CODE MODULE PROCESSES RESPONSE. VERIFIES CARD 

SIGNATURE BY COMPARING RECEIVED CARD SIGNATURE WITH EXPECTED 
STORED-VALUE CARD SIGNATURE RECEIVED EARLIER FROM SECURITY CARD 



PERFORM STEPS 632 - 640 



712 



FIG. 12 B«oJ^ 
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BEGIN ALTERNATIVE 
COMPARISON OF STORED VALUE CARD SIGNATURE 
BY CLIENT TERMINAL 
(see FIGURE?) 



PERFORM STEPS 602 - 612 AND STEPS 680 - 690 



^22 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD SIGNATURE, 
"DEBIT" COMMAND AND EXPECTED STORED-VALUE CARD SIGNATURE 





TERMINAL SENDS SECURITY CARD SIGNATURE, "DEBIT" COMMAND AND 
EXPECTED STORED-VALUE CARD SIGNATURE TO PAYMENT SERVER 


^726 








728 


PAYMENT SERVER SENDS "DEBIT" COMMAND. SECURITY CARD SIGNATURE AND EXPECTED 
STORED-VALUE CARD SIGNATURE TO CLIENT TERMINAL 



PERFORM STEPS 618,620 



730 



732 



CLIENT TERMINAL CODE MODULE PROCESSES RESPONSE, VERIFIES CARD 
SIGNATURE BY COMPARING RECEIVED CARD SIGNATURE FROM 
STORED-VALUE CARD WITH EXPECTED SIGNATURE RECEIVED EARLIER 
FROM SECURITY CARD VIA PAYMENT SERVER 



CLIENT TERMINAL CODE MODULE GENERATES CONFIRMATION 
MESSAGE FOR MERCHANT SERVER 



734 




736 



J 

FIG. 13 CT ^ 
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BEGIN ALTERNATIVE 
COMPARISON OF STORED-VALUE CARD SIGNATURE 
BY MERCHANT SERVER 
(see FIGURE 8) 



PERFORM STEPS 602 - 612 AND STEPS 680 - 690 



.742 



744 



SECURITY CARD IN TERMINAL GENERATES SECURITY CARD SIGNATURE, "DEBIT" 
COMMAND AND EXPECTED STORED-VALUE CARD SIGNATURE 



TERMINAL SENDS SECURITY CARD SIGNATURE. "DEBir COMMAND AND 
EXPECTED STORED-VALUE CARD SIGNATURE TO PAYMENT SERVER 



746 



748 



PAYMENT SERVER SENDS "DEBIT" COMMAND. SECURITY CARD SIGNATURE AND ENCRYPTED 
STORED-VALUE CARD SIGNATURE TO CLIENT TERMINAL 



PERFORM STEPS 618. 620 



I 



.750 



752 



CLIENT TERMINAL SENDS DEBIT SUCCESS MESSAGE. RAW CARD 
SIGNATURE RECEIVED FROM STORED-VALUE CARD AND ENCRYPTED CARD 
SIGNATURE RECEIVED FROM PAYMENT SERVER TO MERCHANT SERVER 



754 



MERCHANT SERVER PROCESSES DEBIT SUCCESS MESSAGE AND DECRYPTS 
ENCRYPTED SVC SIGNATURE IN ORDER TO COMPARE 
RAW CARD SIGNATURE TO CARD SIGNATURE FROM SECURITY CARD 



MERCHANT SERVER GENERATES CONFIRMATION MESSAGE 



-756 



PERFORM STEPS 638. 640 



.758 



FIG. 14 



END 
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BEGIN IMPLEMENTATION 
OF ADDED SECURITY LAYER TO EMBODIMENTS 
OF THE INVENTION 
(see FIGURE 9) 



PAYMENT SERVER AND MERCHANT SERVER SHARE A 
UNIQUE DES ENCRYPTION KEY 



802 



CLIENT TERMINAL AND MERCHANT SERVER ENGAGE IN 
PROTECTED SSL SESSION 



.804 



806 



MERCHANT SERVER DERIVES A KEY FROM THE DES KEY USING 
INFORMATION UNIQUE TO THE TRANSACTION SUCH AS MERCHANT 
IDENTIFIER. TRANSACTION IDENTIFIER, ETC. 



■808 



MERCHANT SERVER DOWNLOADS HTML PAGE TO CLIENT 
TERMINAL INCLUDING A TRANSACTION SESSION KEY (TSK) AND 
THE TSK ENCRYPTED WITH THE DERIVED KEY (ETSK) 



810 



CLIENT SENDS DRAW REQUEST ENCRYPTED WITH TSK TO 
PAYMENT SERVER ALONG WITH ETSK 



812 



PAYMENT SERVER DECRYPTS ETSK WITH SHARED DES KEY TO PRODUCE TSK; 
DECRYPTS DRAW REQUEST WITH TSK IN ORDER TO PROCESS DRAW REQUEST, 
AND ENCRYPTS "DEBIT" COMMAND WITH TSK 



FIG. 15A 0 
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PAYMENT SERVER SEN 
COMMAND TO C 


OS ENCRYPTED "DEBrP 
LIENT TERMINAL 



814 



CLIENT DECRYPTS "DEBIT" COMMAND AND PROCESSES IN |/ 
CONJUNCTION WITH STORED-VALUE CARD 



816 



CLIENT SENDS "DEBIT RESPONSE" MESSAGE 
ENCRYPTED WITH TSK TO PAYMENT SERVER 



^18 



PAYMENT SERVER AND SECURITY CARD PROCESS "DEBIT RESPONSE" 
MESSAGE AND SEND "DEBIT RESULT C" MESSAGE ENCRYPTED WITH TSK 
AND "DEBIT RESULT M" MESSAGE ENCRYPTED WITH DERIVED KEY TO 

CLIENT TERMINAL 



822 



CLIENT DECRYPTS "DEBIT RESULT C" MESSAGE AND PASSES "DEBIT 
RESULT M" MESSAGE ON TO MERCHANT SERVER 



MERCHANT SERVER DECRYPTS "DEBIT RESULT M" MESSAGE USING 
DERIVED KEY FROM DES KEY AND PROCESSES RESULT 



824 



FIG. 1.5B c^^W-^ 
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FIG. 18A C 



21/24 
BEGIN 

LOAD VALUE ONTO STORED-VALUE CARD 



870 



I 



871 



USER SELECTS LOAD VALUE OPTION FROM BANK INTERNET SITE 



i: 



872 

N 



CLIENT READS CARD BALANCE, ETC.. AND SENDS TO BANK SERVER 



873 



BANK SERVER DETERMINES MAXIMUM LOAD VALUE AND 
CHECKS FUNDS IN USER'S ACCOUNT 



874 



\ 



BANK SERVER SENDS PAGE OF INFORMATION TO CLIENT TERMINAL 
INCLUDING: LOAD VALUE, CURRENCY, IP ADDRESS OF LOAD SERVER, 
TRANSACTION IDENTIFIER, BANK IDENTIFIER. SESSION KEY 



875 
\ 



USER ACCOUNT DEBITED BY LOAD VALUE 



876 CLIENT TERMINAL INTERACTS WITH STORED-VALUE CARD IN READER AND 
\ BUILDS LOAD REQUEST MESSAGE 



877 



878 



CLIENT TERMINAL ACCESSES LC 


)AD SERVER USING IP ADDRESS 






CLIENT TERMINAL SENDS LOAD REQUEST MESSAGE TO LOAD SERVER 



879 



N 



LOAD SERVER PROCESSES LOAD REQUEST 
(see FIGURE 18D) 
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FIG. 18B 
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880 



LOAD SERVER SENDS 'LOAD " COMMAND WITH SECURITY 
MODULE SIGNATURE TO CLIENT TERMINAL 



881 



CLIENT TERMINAL PASSES "LOAD" COMMAND TO CARD WHICH LOADS 
ITSELF BY LOAD VALUE AND GENERATES CARD SIGNATURE 



882 



CARD SENDS "LOAD SUCCESS" AND CARD SIGNATURE TO CLIENT TERMINAL 



883 



CLIENT TERMINAL SENDS "LOAD SUCCESS" MESSAGE AND CARD 
SIGNATURE TO LOAD SERVER 



884 



LOAD SERVER PROCESSES AND DIRECTS RECEIVED 
RESPONSE TO HOST SECURITY MODULE 



885 



HOST SECURITY MODULE VERIFIES CARD SIGNATURE 



886 



HOST SECURITY MODULE SENDS "CONFIRMATION" TO LOAD SERVER 



887 



LOAD SERVER UPDATES ITS DATABASE 
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870 



LOAD SERVER SENDS "CONFIRMATION" MESSAGE TO CLIENT TERMINAL 



891. 



892- 



CLIENT TERMINAL PASSES "CONFIRMATION" MESSAGE TO BANK SERVER 



BANK SERVER REGISTERS "CONFIRMATION" MESSAGE 



END 



895. 



896 



LOAD REQUEST EDITED SYNTACTICALLY AND LOGGED 



LOAD SERVER PARSES LOAD REQUEST INTO COMPONENTS 
AND PROCESSES EACH COMPONENT IN TURN 



897- 



LOAD REQUEST COMPONENTS PASSED TO HOST SECURITY MODULE 



898 



I 



HOST SECURITY MODULE VERIFIES CARD SIGNATURE, 
GENERATES SECURITY CARD SIGNATURE, "LOAD" COMMAND 



899 



HOST SECURfTY MODULE SENDS MERCHANT CARD 
SIGNATURE AND "LOAD" COMMAND TO LOAD SERVER 



FIG. 18D 
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